| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 787 TransportSecurityState* security_state = | 787 TransportSecurityState* security_state = |
| 788 request_->context()->transport_security_state(); | 788 request_->context()->transport_security_state(); |
| 789 const SSLInfo& ssl_info = response_info_->ssl_info; | 789 const SSLInfo& ssl_info = response_info_->ssl_info; |
| 790 | 790 |
| 791 // Only accept HSTS headers on HTTPS connections that have no | 791 // Only accept HSTS headers on HTTPS connections that have no |
| 792 // certificate errors. | 792 // certificate errors. |
| 793 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || | 793 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || |
| 794 !security_state) | 794 !security_state) |
| 795 return; | 795 return; |
| 796 | 796 |
| 797 // Don't accept HSTS headers when the hostname is an IP address. |
| 798 if (request_info_.url.HostIsIPAddress()) |
| 799 return; |
| 800 |
| 797 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: | 801 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: |
| 798 // | 802 // |
| 799 // If a UA receives more than one STS header field in a HTTP response | 803 // If a UA receives more than one STS header field in a HTTP response |
| 800 // message over secure transport, then the UA MUST process only the | 804 // message over secure transport, then the UA MUST process only the |
| 801 // first such header field. | 805 // first such header field. |
| 802 HttpResponseHeaders* headers = GetResponseHeaders(); | 806 HttpResponseHeaders* headers = GetResponseHeaders(); |
| 803 std::string value; | 807 std::string value; |
| 804 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value)) | 808 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value)) |
| 805 security_state->AddHSTSHeader(request_info_.url.host(), value); | 809 security_state->AddHSTSHeader(request_info_.url.host(), value); |
| 806 } | 810 } |
| 807 | 811 |
| 808 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { | 812 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { |
| 809 DCHECK(response_info_); | 813 DCHECK(response_info_); |
| 810 TransportSecurityState* security_state = | 814 TransportSecurityState* security_state = |
| 811 request_->context()->transport_security_state(); | 815 request_->context()->transport_security_state(); |
| 812 const SSLInfo& ssl_info = response_info_->ssl_info; | 816 const SSLInfo& ssl_info = response_info_->ssl_info; |
| 813 | 817 |
| 814 // Only accept HPKP headers on HTTPS connections that have no | 818 // Only accept HPKP headers on HTTPS connections that have no |
| 815 // certificate errors. | 819 // certificate errors. |
| 816 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || | 820 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || |
| 817 !security_state) | 821 !security_state) |
| 818 return; | 822 return; |
| 819 | 823 |
| 824 // Don't accept HSTS headers when the hostname is an IP address. |
| 825 if (request_info_.url.HostIsIPAddress()) |
| 826 return; |
| 827 |
| 820 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning: | 828 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning: |
| 821 // | 829 // |
| 822 // If a UA receives more than one PKP header field in an HTTP | 830 // If a UA receives more than one PKP header field in an HTTP |
| 823 // response message over secure transport, then the UA MUST process | 831 // response message over secure transport, then the UA MUST process |
| 824 // only the first such header field. | 832 // only the first such header field. |
| 825 HttpResponseHeaders* headers = GetResponseHeaders(); | 833 HttpResponseHeaders* headers = GetResponseHeaders(); |
| 826 std::string value; | 834 std::string value; |
| 827 if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value)) | 835 if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value)) |
| 828 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info); | 836 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info); |
| 829 } | 837 } |
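Review bot: The comment added above the new IP-address guard in ProcessPublicKeyPinsHeader (new line 824) says "HSTS headers", but this function handles the Public-Key-Pins header; it was evidently copied from ProcessStrictTransportSecurityHeader and should read `// Don't accept HPKP headers when the hostname is an IP address.` so a reader does not conclude the guard is misplaced. The guard itself looks right for both functions: the STS draft excludes IP-literal hosts from being HSTS hosts, and a pin keyed on a bare IP would be just as meaningless, since the same `request_info_.url.host()` string is what is stored on the next lines. Since both callers now repeat the identical is_valid/cert-error/IP-literal preamble before calling into TransportSecurityState, it may be worth moving the IP check into AddHSTSHeader/AddHPKPHeader themselves so any future caller gets it for free; that is a judgment call for the TransportSecurityState owners rather than a defect here.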
| 1487 return override_response_headers_.get() ? | 1495 return override_response_headers_.get() ? |
| 1488 override_response_headers_.get() : | 1496 override_response_headers_.get() : |
| 1489 transaction_->GetResponseInfo()->headers.get(); | 1497 transaction_->GetResponseInfo()->headers.get(); |
| 1490 } | 1498 } |
| 1491 | 1499 |
| 1492 void URLRequestHttpJob::NotifyURLRequestDestroyed() { | 1500 void URLRequestHttpJob::NotifyURLRequestDestroyed() { |
| 1493 awaiting_callback_ = false; | 1501 awaiting_callback_ = false; |
| 1494 } | 1502 } |
| 1495 | 1503 |
| 1496 } // namespace net | 1504 } // namespace net |