OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
628 return m_document ? m_document->charset().string() : String(); | 628 return m_document ? m_document->charset().string() : String(); |
629 } | 629 } |
630 | 630 |
631 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 631 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
632 { | 632 { |
633 if (!m_document || !RuntimeEnabledFeatures::experimentalContentSecurityPolic
yFeaturesEnabled()) | 633 if (!m_document || !RuntimeEnabledFeatures::experimentalContentSecurityPolic
yFeaturesEnabled()) |
634 return; | 634 return; |
635 | 635 |
636 KURL url = fetchRequest.resourceRequest().url(); | 636 KURL url = fetchRequest.resourceRequest().url(); |
637 | 637 |
638 // Tack a 'Prefer' header to outgoing navigational requests, as described in | 638 // Tack an 'HTTPS' header to outgoing navigational requests, as described in |
639 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 639 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
640 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne && !SecurityOrigin::isSecure(url)) | 640 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) |
641 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "tls"
); | 641 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1"); |
642 | 642 |
643 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest
sUpgrade && url.protocolIs("http")) { | 643 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest
sUpgrade && url.protocolIs("http")) { |
644 ASSERT(m_document->insecureNavigationsToUpgrade()); | 644 ASSERT(m_document->insecureNavigationsToUpgrade()); |
645 | 645 |
646 // We always upgrade requests that meet any of the following criteria: | 646 // We always upgrade requests that meet any of the following criteria: |
647 // | 647 // |
648 // 1. Are for subresources (including nested frames). | 648 // 1. Are for subresources (including nested frames). |
649 // 2. Are form submissions. | 649 // 2. Are form submissions. |
650 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 650 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
651 const ResourceRequest& request = fetchRequest.resourceRequest(); | 651 const ResourceRequest& request = fetchRequest.resourceRequest(); |
652 if (request.frameType() == WebURLRequest::FrameTypeNone | 652 if (request.frameType() == WebURLRequest::FrameTypeNone |
653 || request.frameType() == WebURLRequest::FrameTypeNested | 653 || request.frameType() == WebURLRequest::FrameTypeNested |
654 || request.requestContext() == WebURLRequest::RequestContextForm | 654 || request.requestContext() == WebURLRequest::RequestContextForm |
655 || (!url.host().isNull() && m_document->insecureNavigationsToUpgrade
()->contains(url.host().impl()->hash()))) | 655 || (!url.host().isNull() && m_document->insecureNavigationsToUpgrade
()->contains(url.host().impl()->hash()))) |
656 { | 656 { |
657 url.setProtocol("https"); | 657 url.setProtocol("https"); |
658 if (url.port() == 80) | 658 if (url.port() == 80) |
659 url.setPort(443); | 659 url.setPort(443); |
660 fetchRequest.mutableResourceRequest().setURL(url); | 660 fetchRequest.mutableResourceRequest().setURL(url); |
661 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgraded",
"1"); | |
662 } | 661 } |
663 } | 662 } |
664 } | 663 } |
665 | 664 |
666 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) | 665 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) |
667 { | 666 { |
668 if (!frame() || !RuntimeEnabledFeatures::clientHintsEnabled() || !m_document
) | 667 if (!frame() || !RuntimeEnabledFeatures::clientHintsEnabled() || !m_document
) |
669 return; | 668 return; |
670 | 669 |
671 if (frame()->shouldSendDPRHint()) | 670 if (frame()->shouldSendDPRHint()) |
672 fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicSt
ring(String::number(m_document->devicePixelRatio()))); | 671 fetchRequest.mutableResourceRequest().addHTTPHeaderField("DPR", AtomicSt
ring(String::number(m_document->devicePixelRatio()))); |
673 | 672 |
674 // FIXME: Send the RW hint based on the actual resource width, when we have
it. | 673 // FIXME: Send the RW hint based on the actual resource width, when we have
it. |
675 if (frame()->shouldSendRWHint() && frame()->view()) | 674 if (frame()->shouldSendRWHint() && frame()->view()) |
676 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr
ing(String::number(frame()->view()->viewportWidth()))); | 675 fetchRequest.mutableResourceRequest().addHTTPHeaderField("RW", AtomicStr
ing(String::number(frame()->view()->viewportWidth()))); |
677 } | 676 } |
678 | 677 |
679 DEFINE_TRACE(FrameFetchContext) | 678 DEFINE_TRACE(FrameFetchContext) |
680 { | 679 { |
681 visitor->trace(m_document); | 680 visitor->trace(m_document); |
682 FetchContext::trace(visitor); | 681 FetchContext::trace(visitor); |
683 } | 682 } |
684 | 683 |
685 } // namespace blink | 684 } // namespace blink |
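Review bot: New line 641 attaches the header with `addHTTPHeaderField`, which appears to append to an existing value rather than replace it. If upgradeInsecureRequest can run more than once on the same request, the server would see a duplicated value; `fetchRequest.mutableResourceRequest().setHTTPHeaderField("HTTPS", "1");` keeps the call idempotent. Because new line 640 drops the `!SecurityOrigin::isSecure(url)` guard, the header now goes out on every navigational request, and the comment on line 638 should say so, for example `// Sent on secure and insecure navigations alike; it only advertises upgrade support.` A header named `HTTPS` may also collide with server-side conventions (CGI-style stacks expose it as `HTTP_HTTPS`, which some applications may read as a transport indicator), so it is worth checking against deployed servers before this leaves the experimental flag.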