
Side by Side Diff: net/url_request/url_request_http_job.cc

Issue 1266723003: Process Public-Key-Pin-Report-Only headers (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request_http_job.h" 5 #include "net/url_request/url_request_http_job.h"
6 6
7 #include "base/base_switches.h" 7 #include "base/base_switches.h"
8 #include "base/bind.h" 8 #include "base/bind.h"
9 #include "base/bind_helpers.h" 9 #include "base/bind_helpers.h"
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 865 matching lines...)
876 // Only accept HPKP headers on HTTPS connections that have no 876 // Only accept HPKP headers on HTTPS connections that have no
877 // certificate errors. 877 // certificate errors.
878 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || 878 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
879 !security_state) 879 !security_state)
880 return; 880 return;
881 881
882 // Don't accept HSTS headers when the hostname is an IP address. 882 // Don't accept HSTS headers when the hostname is an IP address.
883 if (request_info_.url.HostIsIPAddress()) 883 if (request_info_.url.HostIsIPAddress())
884 return; 884 return;
885 885
886 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning: 886 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning:
Ryan Sleevi 2015/07/30 01:52:17 While you're here, do you mind updating this to RF
estark 2015/07/31 00:49:44 Done.
887 // 887 //
888 // If a UA receives more than one PKP header field in an HTTP 888 // If a UA receives more than one PKP header field in an HTTP
889 // response message over secure transport, then the UA MUST process 889 // response message over secure transport, then the UA MUST process
890 // only the first such header field. 890 // only the first such header field.
891 HttpResponseHeaders* headers = GetResponseHeaders(); 891 HttpResponseHeaders* headers = GetResponseHeaders();
892 std::string value; 892 std::string value;
893 if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value)) 893 if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value))
Ryan Sleevi 2015/07/30 01:52:17 Bonus points for the subtle C++11-ization of chang
estark 2015/07/31 00:49:44 Done.
894 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info); 894 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info);
895 if (headers->EnumerateHeader(NULL, "Public-Key-Pins-Report-Only", &value)) {
896 security_state->ProcessHPKPReportOnlyHeader(
897 HostPortPair(request_info_.url.host(), request_info_.url.IntPort()),
Ryan Sleevi 2015/07/30 01:52:17 You really want HostPortPair::FromURL(request_info
estark 2015/07/31 00:49:44 Done.
898 value, ssl_info);
899 }
895 } 900 }
896 901
897 void URLRequestHttpJob::OnStartCompleted(int result) { 902 void URLRequestHttpJob::OnStartCompleted(int result) {
898 RecordTimer(); 903 RecordTimer();
899 904
900 // If the request was destroyed, then there is no more work to do. 905 // If the request was destroyed, then there is no more work to do.
901 if (!request_) 906 if (!request_)
902 return; 907 return;
903 908
904 // If the job is done (due to cancellation), can just ignore this 909 // If the job is done (due to cancellation), can just ignore this
(...skipping 646 matching lines...)
1551 return override_response_headers_.get() ? 1556 return override_response_headers_.get() ?
1552 override_response_headers_.get() : 1557 override_response_headers_.get() :
1553 transaction_->GetResponseInfo()->headers.get(); 1558 transaction_->GetResponseInfo()->headers.get();
1554 } 1559 }
1555 1560
1556 void URLRequestHttpJob::NotifyURLRequestDestroyed() { 1561 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
1557 awaiting_callback_ = false; 1562 awaiting_callback_ = false;
1558 } 1563 }
1559 1564
1560 } // namespace net 1565 } // namespace net
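Review bot: The new `Public-Key-Pins-Report-Only` block at new lines 895-899 has no comment, and the spec text quoted just above it speaks only of the PKP header. A reader therefore cannot tell that it is deliberate to take only the first report-only header and to process it only after the earlier guards (valid SSL info, no certificate errors, non-IP host). I would add above the `if` something like `// Likewise process only the first Public-Key-Pins-Report-Only header; the checks above (valid SSL info, no certificate errors, non-IP host) apply to it too.` The IP-address guard it relies on is still commented `// Don't accept HSTS headers when the hostname is an IP address.` (line 882 old / 883 new), although the neighbouring comment speaks of HPKP; that looks like a copy-paste leftover worth correcting in the same change. The enclosing function begins in the skipped lines above, so this is based only on its visible tail.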