Revert 188912 "Removed static factories for data, ftp, file, and..."

trunk/src/net/url_request/url_request_http_job.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
@@ skipping 25 matching lines @@
 #include "net/http/http_transaction_delegate.h"
 #include "net/http/http_transaction_factory.h"
 #include "net/http/http_util.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/url_request/fraudulent_certificate_reporter.h"
 #include "net/url_request/http_user_agent_settings.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_error_job.h"
-#include "net/url_request/url_request_job_factory.h"
 #include "net/url_request/url_request_redirect_job.h"
 #include "net/url_request/url_request_throttler_header_adapter.h"
 #include "net/url_request/url_request_throttler_manager.h"
 
 static const char kAvailDictionaryHeader[] = "Avail-Dictionary";
 
 namespace net {
 
 class URLRequestHttpJob::HttpFilterContext : public FilterContext {
  public:
@@ skipping 950 matching lines @@
   // some decoding, as some proxies strip encoding completely. In such cases,
   // we may need to add (for example) SDCH filtering (when the context suggests
   // it is appropriate).
   Filter::FixupEncodingTypes(*filter_context_, &encoding_types);
 
   return !encoding_types.empty()
       ? Filter::Factory(encoding_types, *filter_context_) : NULL;
 }
 
 bool URLRequestHttpJob::IsSafeRedirect(const GURL& location) {
-  // HTTP is always safe.
-  // TODO(pauljensen): Remove once crbug.com/146591 is fixed.
-  if (location.is_valid() &&
-      (location.scheme() == "http" || location.scheme() == "https")) {
+  // We only allow redirects to certain "safe" protocols.  This does not
+  // restrict redirects to externally handled protocols.  Our consumer would
+  // need to take care of those.
+
+  if (!URLRequest::IsHandledURL(location))
     return true;
+
+  static const char* kSafeSchemes[] = {
+    "http",
+    "https",
+    "ftp"
+  };
+
+  for (size_t i = 0; i < arraysize(kSafeSchemes); ++i) {
+    if (location.SchemeIs(kSafeSchemes[i]))
+      return true;
   }
-  // Query URLRequestJobFactory as to whether |location| would be safe to
-  // redirect to.
-  return request_->context()->job_factory() &&
-      request_->context()->job_factory()->IsSafeRedirectTarget(location);
+
+  return false;
 }
 
 bool URLRequestHttpJob::NeedsAuth() {
   int code = GetResponseCode();
   if (code == -1)
     return false;
 
   // Check if we need either Proxy or WWW Authentication.  This could happen
   // because we either provided no auth info, or provided incorrect info.
   switch (code) {
@@ skipping 525 matching lines @@
 
 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
   awaiting_callback_ = false;
 }
 
 void URLRequestHttpJob::OnDetachRequest() {
   http_transaction_delegate_->OnDetachRequest();
 }
 
 }  // namespace net