Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(184)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/url_request/url_request_http_job.cc

Issue 103803012: Make HSTS headers not clobber preloaded pins. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Respond to comments and fix compilation errors. Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/browser/resources/net_internals/hsts_view.js ('K') | « net/url_request/url_request.cc ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request_http_job.h" 5 #include "net/url_request/url_request_http_job.h"
6 6
7 #include "base/base_switches.h" 7 #include "base/base_switches.h"
8 #include "base/bind.h" 8 #include "base/bind.h"
9 #include "base/bind_helpers.h" 9 #include "base/bind_helpers.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 823 matching lines...) Expand 10 before | Expand all | Expand 10 after
834 // We encountered an SSL certificate error. 834 // We encountered an SSL certificate error.
835 if (result == ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY || 835 if (result == ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY ||
836 result == ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN) { 836 result == ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN) {
837 // These are hard failures. They're handled separately and don't have 837 // These are hard failures. They're handled separately and don't have
838 // the correct cert status, so set it here. 838 // the correct cert status, so set it here.
839 SSLInfo info(transaction_->GetResponseInfo()->ssl_info); 839 SSLInfo info(transaction_->GetResponseInfo()->ssl_info);
840 info.cert_status = MapNetErrorToCertStatus(result); 840 info.cert_status = MapNetErrorToCertStatus(result);
841 NotifySSLCertificateError(info, true); 841 NotifySSLCertificateError(info, true);
842 } else { 842 } else {
843 // Maybe overridable, maybe not. Ask the delegate to decide. 843 // Maybe overridable, maybe not. Ask the delegate to decide.
844 TransportSecurityState::DomainState domain_state;
845 const URLRequestContext* context = request_->context(); 844 const URLRequestContext* context = request_->context();
846 const bool fatal = context->transport_security_state() && 845 TransportSecurityState* state = context->transport_security_state();
847 context->transport_security_state()->GetDomainState( 846 const bool fatal =
847 state &&
848 state->ShouldSSLErrorsBeFatal(
848 request_info_.url.host(), 849 request_info_.url.host(),
849 SSLConfigService::IsSNIAvailable(context->ssl_config_service()), 850 SSLConfigService::IsSNIAvailable(context->ssl_config_service()));
850 &domain_state) &&
851 domain_state.ShouldSSLErrorsBeFatal();
852 NotifySSLCertificateError( 851 NotifySSLCertificateError(
853 transaction_->GetResponseInfo()->ssl_info, fatal); 852 transaction_->GetResponseInfo()->ssl_info, fatal);
854 } 853 }
855 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { 854 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
856 NotifyCertificateRequested( 855 NotifyCertificateRequested(
857 transaction_->GetResponseInfo()->cert_request_info.get()); 856 transaction_->GetResponseInfo()->cert_request_info.get());
858 } else { 857 } else {
859 // Even on an error, there may be useful information in the response 858 // Even on an error, there may be useful information in the response
860 // info (e.g. whether there's a cached copy). 859 // info (e.g. whether there's a cached copy).
861 if (transaction_.get()) 860 if (transaction_.get())
(...skipping 642 matching lines...) Expand 10 before | Expand all | Expand 10 after
1504 return override_response_headers_.get() ? 1503 return override_response_headers_.get() ?
1505 override_response_headers_.get() : 1504 override_response_headers_.get() :
1506 transaction_->GetResponseInfo()->headers.get(); 1505 transaction_->GetResponseInfo()->headers.get();
1507 } 1506 }
1508 1507
1509 void URLRequestHttpJob::NotifyURLRequestDestroyed() { 1508 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
1510 awaiting_callback_ = false; 1509 awaiting_callback_ = false;
1511 } 1510 }
1512 1511
1513 } // namespace net 1512 } // namespace net
OLDNEW
« chrome/browser/resources/net_internals/hsts_view.js ('K') | « net/url_request/url_request.cc ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698