
Side by Side Diff: net/url_request/url_request_http_job.cc

Issue 11192045: Process only the first Strict-Transport-Security header. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 2 months ago
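--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
@@ -693,21 +693,30 @@
 // |GetDomainState| may have altered |domain_state| while searching. If
 // not found, start with a fresh state.
 domain_state.upgrade_mode =
 TransportSecurityState::DomainState::MODE_FORCE_HTTPS;
 
 HttpResponseHeaders* headers = GetResponseHeaders();
 std::string value;
 void* iter = NULL;
 base::Time now = base::Time::Now();
 
+// http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:
+//
+// If a UA receives more than one STS header field in a HTTP response
+// message over secure transport, then the UA MUST process only the
+// first such header field.
+bool seen_sts = false;
 while (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) {
+if (seen_sts)
+return;
+seen_sts = true;
 TransportSecurityState::DomainState domain_state;
 if (domain_state.ParseSTSHeader(now, value))
 security_state->EnableHost(host, domain_state);
 }
 }
 
 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
 DCHECK(response_info_);
 
 const URLRequestContext* ctx = request_->context();
@@ -1504,10 +1513,10 @@
 
 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
 awaiting_callback_ = false;
 }
 
 void URLRequestHttpJob::OnDetachRequest() {
 http_transaction_delegate_->OnDetachRequest();
 }
 
 } // namespace net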
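Review bot: With the added `seen_sts` flag and early `return`, the body of the `while (headers->EnumerateHeader(...))` loop can run at most once, so the loop is a roundabout spelling of `if (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) {` with the flag and `return` dropped. That form shows the "first header only" rule in the control flow and cannot skip code later added after the loop. The quoted draft text would also benefit from one more comment line stating the consequence that matters for security, for example `// A first header that fails to parse is not replaced by a later one.`, because the new code leaves the host's state unchanged in that case rather than falling back. A test feeding two Strict-Transport-Security headers with different values would pin the behaviour; none is visible in this patch set view. The enclosing function begins in the skipped lines above the hunk, so its name and earlier checks were not reviewed.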
