Chromium Code Reviews Chromium Code Reviews
Issue 115803003:
Add a check that we don't send a secure referrer to an insecure URL (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request.h" | 5 #include "net/url_request/url_request.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback.h" | 9 #include "base/callback.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 666 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 677 job_->SetPriority(priority_); | 677 job_->SetPriority(priority_); |
| 678 | 678 |
| 679 if (upload_data_stream_.get()) | 679 if (upload_data_stream_.get()) |
| 680 job_->SetUpload(upload_data_stream_.get()); | 680 job_->SetUpload(upload_data_stream_.get()); |
| 681 | 681 |
| 682 is_pending_ = true; | 682 is_pending_ = true; |
| 683 is_redirecting_ = false; | 683 is_redirecting_ = false; |
| 684 | 684 |
| 685 response_info_.was_cached = false; | 685 response_info_.was_cached = false; |
| 686 | 686 |
| 687 // If the referrer is secure, but the requested URL is not, the referrer | |
| 688 // policy should be something non-default. If you hit this, please file a | |
| 689 // bug. | |
| 690 CHECK(!(GURL(referrer_).SchemeIsSecure() && !url().SchemeIsSecure()) || | |
| 691 referrer_policy_ != | |
| 692 CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE); | |
|
mef
2013/12/16 16:39:01
I'd keep it as DCHECK to avoid non-critical crashe
jochen (gone - plz use gerrit)
2013/12/16 19:25:51
IMO a DCHECK is almost pointless. And it is a cri
| |
| 693 | |
| 687 // Don't allow errors to be sent from within Start(). | 694 // Don't allow errors to be sent from within Start(). |
| 688 // TODO(brettw) this may cause NotifyDone to be sent synchronously, | 695 // TODO(brettw) this may cause NotifyDone to be sent synchronously, |
| 689 // we probably don't want this: they should be sent asynchronously so | 696 // we probably don't want this: they should be sent asynchronously so |
| 690 // the caller does not get reentered. | 697 // the caller does not get reentered. |
| 691 job_->Start(); | 698 job_->Start(); |
| 692 } | 699 } |
| 693 | 700 |
| 694 void URLRequest::Restart() { | 701 void URLRequest::Restart() { |
| 695 // Should only be called if the original job didn't make any progress. | 702 // Should only be called if the original job didn't make any progress. |
| 696 DCHECK(job_.get() && !job_->has_response_started()); | 703 DCHECK(job_.get() && !job_->has_response_started()); |
| (...skipping 494 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1191 new base::debug::StackTrace(NULL, 0); | 1198 new base::debug::StackTrace(NULL, 0); |
| 1192 *stack_trace_copy = stack_trace; | 1199 *stack_trace_copy = stack_trace; |
| 1193 stack_trace_.reset(stack_trace_copy); | 1200 stack_trace_.reset(stack_trace_copy); |
| 1194 } | 1201 } |
| 1195 | 1202 |
| 1196 const base::debug::StackTrace* URLRequest::stack_trace() const { | 1203 const base::debug::StackTrace* URLRequest::stack_trace() const { |
| 1197 return stack_trace_.get(); | 1204 return stack_trace_.get(); |
| 1198 } | 1205 } |
| 1199 | 1206 |
| 1200 } // namespace net | 1207 } // namespace net |
| OLD | NEW |
