| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 566 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 577 return m_document ? m_document->securityOrigin() : nullptr; | 577 return m_document ? m_document->securityOrigin() : nullptr; |
| 578 } | 578 } |
| 579 | 579 |
| 580 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 580 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
| 581 { | 581 { |
| 582 KURL url = fetchRequest.resourceRequest().url(); | 582 KURL url = fetchRequest.resourceRequest().url(); |
| 583 | 583 |
| 584 // Tack an 'HTTPS' header to outgoing navigational requests, as described in | 584 // Tack an 'HTTPS' header to outgoing navigational requests, as described in |
| 585 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 585 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
| 586 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) | 586 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) |
| 587 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1"); | 587 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecu
re-Requests", "1"); |
| 588 | 588 |
| 589 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I
nsecureRequestsUpgrade && url.protocolIs("http")) { | 589 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I
nsecureRequestsUpgrade && url.protocolIs("http")) { |
| 590 ASSERT(m_document->insecureNavigationsToUpgrade()); | 590 ASSERT(m_document->insecureNavigationsToUpgrade()); |
| 591 | 591 |
| 592 // We always upgrade requests that meet any of the following criteria: | 592 // We always upgrade requests that meet any of the following criteria: |
| 593 // | 593 // |
| 594 // 1. Are for subresources (including nested frames). | 594 // 1. Are for subresources (including nested frames). |
| 595 // 2. Are form submissions. | 595 // 2. Are form submissions. |
| 596 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 596 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
| 597 const ResourceRequest& request = fetchRequest.resourceRequest(); | 597 const ResourceRequest& request = fetchRequest.resourceRequest(); |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 662 } | 662 } |
| 663 | 663 |
| 664 DEFINE_TRACE(FrameFetchContext) | 664 DEFINE_TRACE(FrameFetchContext) |
| 665 { | 665 { |
| 666 visitor->trace(m_document); | 666 visitor->trace(m_document); |
| 667 visitor->trace(m_documentLoader); | 667 visitor->trace(m_documentLoader); |
| 668 FetchContext::trace(visitor); | 668 FetchContext::trace(visitor); |
| 669 } | 669 } |
| 670 | 670 |
| 671 } // namespace blink | 671 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1239933002:
Merge 198924 "UPGRADE: Rename the 'https' header." (Closed)
Base URL: svn://svn.chromium.org/blink/branches/chromium/2454/