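--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
@@ -787,51 +787,43 @@
 TransportSecurityState* security_state =
 request_->context()->transport_security_state();
 const SSLInfo& ssl_info = response_info_->ssl_info;
 
 // Only accept HSTS headers on HTTPS connections that have no
 // certificate errors.
 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
 !security_state)
 return;
 
-// Don't accept HSTS headers when the hostname is an IP address.
-if (request_info_.url.HostIsIPAddress())
-return;
-
 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:
 //
 // If a UA receives more than one STS header field in a HTTP response
 // message over secure transport, then the UA MUST process only the
 // first such header field.
 HttpResponseHeaders* headers = GetResponseHeaders();
 std::string value;
 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value))
 security_state->AddHSTSHeader(request_info_.url.host(), value);
 }
 
 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
 DCHECK(response_info_);
 TransportSecurityState* security_state =
 request_->context()->transport_security_state();
 const SSLInfo& ssl_info = response_info_->ssl_info;
 
 // Only accept HPKP headers on HTTPS connections that have no
 // certificate errors.
 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
 !security_state)
 return;
 
-// Don't accept HSTS headers when the hostname is an IP address.
-if (request_info_.url.HostIsIPAddress())
-return;
-
 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning:
 //
 // If a UA receives more than one PKP header field in an HTTP
 // response message over secure transport, then the UA MUST process
 // only the first such header field.
 HttpResponseHeaders* headers = GetResponseHeaders();
 std::string value;
 if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value))
 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info);
 }
@@ -1495,10 +1487,10 @@
 return override_response_headers_.get() ?
 override_response_headers_.get() :
 transaction_->GetResponseInfo()->headers.get();
 }
 
 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
 awaiting_callback_ = false;
 }
 
 } // namespace net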
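Review bot: With the HostIsIPAddress() guard dropped from both ProcessStrictTransportSecurityHeader and ProcessPublicKeyPinsHeader, the calls at new lines 805 and 828 now hand IP-literal hosts straight to AddHSTSHeader and AddHPKPHeader, and nothing in this hunk shows where that rejection happens instead. RFC 6797 §8.1.1 requires a UA to ignore an STS header from a host that is an IP address, and the key-pinning draft cited at new line 820 carries the same requirement, so the check must exist somewhere; presumably this commit moves it into TransportSecurityState, but that file is not part of this section and should be confirmed before landing. If it has moved, a one-line comment at each call site would stop the next reader from re-adding the guard here, e.g. `// IP-literal hosts are rejected inside TransportSecurityState::AddHSTSHeader.` ahead of new line 805 and the matching note ahead of new line 828. ProcessStrictTransportSecurityHeader's signature and DCHECK lie above the hunk in the skipped region, so the visible body starts mid-function.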