OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 562 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
573 return m_document ? m_document->securityOrigin() : nullptr; | 573 return m_document ? m_document->securityOrigin() : nullptr; |
574 } | 574 } |
575 | 575 |
576 String FrameFetchContext::charset() const | 576 String FrameFetchContext::charset() const |
577 { | 577 { |
578 return m_document ? m_document->charset().string() : String(); | 578 return m_document ? m_document->charset().string() : String(); |
579 } | 579 } |
580 | 580 |
581 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 581 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
582 { | 582 { |
583 if (!m_document) | |
584 return; | |
585 | |
586 KURL url = fetchRequest.resourceRequest().url(); | 583 KURL url = fetchRequest.resourceRequest().url(); |
587 | 584 |
588 // Tack an 'HTTPS' header to outgoing navigational requests, as described in | 585 // Tack an 'HTTPS' header to outgoing navigational requests, as described in |
589 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 586 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
590 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) | 587 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) |
591 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1"); | 588 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1"); |
592 | 589 |
593 if (m_document->insecureRequestsPolicy() == SecurityContext::InsecureRequest
sUpgrade && url.protocolIs("http")) { | 590 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I
nsecureRequestsUpgrade && url.protocolIs("http")) { |
594 ASSERT(m_document->insecureNavigationsToUpgrade()); | 591 ASSERT(m_document->insecureNavigationsToUpgrade()); |
595 | 592 |
596 // We always upgrade requests that meet any of the following criteria: | 593 // We always upgrade requests that meet any of the following criteria: |
597 // | 594 // |
598 // 1. Are for subresources (including nested frames). | 595 // 1. Are for subresources (including nested frames). |
599 // 2. Are form submissions. | 596 // 2. Are form submissions. |
600 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 597 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
601 const ResourceRequest& request = fetchRequest.resourceRequest(); | 598 const ResourceRequest& request = fetchRequest.resourceRequest(); |
602 if (request.frameType() == WebURLRequest::FrameTypeNone | 599 if (request.frameType() == WebURLRequest::FrameTypeNone |
603 || request.frameType() == WebURLRequest::FrameTypeNested | 600 || request.frameType() == WebURLRequest::FrameTypeNested |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
641 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active"
); | 638 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active"
); |
642 } | 639 } |
643 | 640 |
644 DEFINE_TRACE(FrameFetchContext) | 641 DEFINE_TRACE(FrameFetchContext) |
645 { | 642 { |
646 visitor->trace(m_document); | 643 visitor->trace(m_document); |
647 FetchContext::trace(visitor); | 644 FetchContext::trace(visitor); |
648 } | 645 } |
649 | 646 |
650 } // namespace blink | 647 } // namespace blink |
OLD | NEW |