OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
574 | 574 |
575 SecurityOrigin* FrameFetchContext::securityOrigin() const | 575 SecurityOrigin* FrameFetchContext::securityOrigin() const |
576 { | 576 { |
577 return m_document ? m_document->securityOrigin() : nullptr; | 577 return m_document ? m_document->securityOrigin() : nullptr; |
578 } | 578 } |
579 | 579 |
580 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 580 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
581 { | 581 { |
582 KURL url = fetchRequest.resourceRequest().url(); | 582 KURL url = fetchRequest.resourceRequest().url(); |
583 | 583 |
584 // Tack an 'HTTPS' header to outgoing navigational requests, as described in | 584 // Tack an 'HTTPS' header to outgoing navigational requests, as described in |
Avi (use Gerrit)
2015/07/15 04:47:32
This comment is now obsolete.
| |
585 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 585 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
586 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo ne) | 586 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo ne) |
587 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1"); | 587 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecu re-Requests", "1"); |
588 | 588 |
589 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I nsecureRequestsUpgrade && url.protocolIs("http")) { | 589 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I nsecureRequestsUpgrade && url.protocolIs("http")) { |
590 ASSERT(m_document->insecureNavigationsToUpgrade()); | 590 ASSERT(m_document->insecureNavigationsToUpgrade()); |
591 | 591 |
592 // We always upgrade requests that meet any of the following criteria: | 592 // We always upgrade requests that meet any of the following criteria: |
593 // | 593 // |
594 // 1. Are for subresources (including nested frames). | 594 // 1. Are for subresources (including nested frames). |
595 // 2. Are form submissions. | 595 // 2. Are form submissions. |
596 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 596 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
597 const ResourceRequest& request = fetchRequest.resourceRequest(); | 597 const ResourceRequest& request = fetchRequest.resourceRequest(); |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
662 } | 662 } |
663 | 663 |
664 DEFINE_TRACE(FrameFetchContext) | 664 DEFINE_TRACE(FrameFetchContext) |
665 { | 665 { |
666 visitor->trace(m_document); | 666 visitor->trace(m_document); |
667 visitor->trace(m_documentLoader); | 667 visitor->trace(m_documentLoader); |
668 FetchContext::trace(visitor); | 668 FetchContext::trace(visitor); |
669 } | 669 } |
670 | 670 |
671 } // namespace blink | 671 } // namespace blink |
OLD | NEW |