Source/core/loader/FrameFetchContext.cpp - Issue 1032473002: Ship "Upgrade Insecure Requests".

Side by Side Diff: Source/core/loader/FrameFetchContext.cpp

Issue 1032473002: Ship "Upgrade Insecure Requests". (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: CSPTest Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « Source/core/frame/csp/ContentSecurityPolicyTest.cpp ('k') | no next file » | no next file with comments »

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2013 Google Inc. All rights reserved.	2 * Copyright (C) 2013 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 607 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
618 return m_document ? m_document->securityOrigin() : nullptr;	618 return m_document ? m_document->securityOrigin() : nullptr;

619 }	619 }

620	620

621 String FrameFetchContext::charset() const	621 String FrameFetchContext::charset() const

622 {	622 {

623 return m_document ? m_document->charset().string() : String();	623 return m_document ? m_document->charset().string() : String();

624 }	624 }

625	625

626 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest)	626 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest)

627 {	627 {

628 if (!m_document \|\| !RuntimeEnabledFeatures::experimentalContentSecurityPolic yFeaturesEnabled())	628 if (!m_document)

629 return;	629 return;

630	630

631 KURL url = fetchRequest.resourceRequest().url();	631 KURL url = fetchRequest.resourceRequest().url();

632	632

633 // Tack an 'HTTPS' header to outgoing navigational requests, as described in	633 // Tack an 'HTTPS' header to outgoing navigational requests, as described in

634 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect	634 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect

635 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo ne)	635 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo ne)

636 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1");	636 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1");

637	637

638 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest sUpgrade && url.protocolIs("http")) {	638 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest sUpgrade && url.protocolIs("http")) {

(...skipping 41 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
680 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active" );	680 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active" );

681 }	681 }

682	682

683 DEFINE_TRACE(FrameFetchContext)	683 DEFINE_TRACE(FrameFetchContext)

684 {	684 {

685 visitor->trace(m_document);	685 visitor->trace(m_document);

686 FetchContext::trace(visitor);	686 FetchContext::trace(visitor);

687 }	687 }

688	688

689 } // namespace blink	689 } // namespace blink

OLD	NEW