OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 565 matching lines...)
576 return m_document ? m_document->charset().string() : String(); | 576 return m_document ? m_document->charset().string() : String(); |
577 } | 577 } |
578 | 578 |
579 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 579 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
580 { | 580 { |
581 KURL url = fetchRequest.resourceRequest().url(); | 581 KURL url = fetchRequest.resourceRequest().url(); |
582 | 582 |
583 // Tack an 'HTTPS' header to outgoing navigational requests, as described in | 583 // Tack an 'HTTPS' header to outgoing navigational requests, as described in |
584 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 584 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
585 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) | 585 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) |
586 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1"); | 586 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecu
re-Requests", "1"); |
587 | 587 |
588 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I
nsecureRequestsUpgrade && url.protocolIs("http")) { | 588 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I
nsecureRequestsUpgrade && url.protocolIs("http")) { |
589 ASSERT(m_document->insecureNavigationsToUpgrade()); | 589 ASSERT(m_document->insecureNavigationsToUpgrade()); |
590 | 590 |
591 // We always upgrade requests that meet any of the following criteria: | 591 // We always upgrade requests that meet any of the following criteria: |
592 // | 592 // |
593 // 1. Are for subresources (including nested frames). | 593 // 1. Are for subresources (including nested frames). |
594 // 2. Are form submissions. | 594 // 2. Are form submissions. |
595 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 595 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
596 const ResourceRequest& request = fetchRequest.resourceRequest(); | 596 const ResourceRequest& request = fetchRequest.resourceRequest(); |
(...skipping 39 matching lines...)
636 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active"
); | 636 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active"
); |
637 } | 637 } |
638 | 638 |
639 DEFINE_TRACE(FrameFetchContext) | 639 DEFINE_TRACE(FrameFetchContext) |
640 { | 640 { |
641 visitor->trace(m_document); | 641 visitor->trace(m_document); |
642 FetchContext::trace(visitor); | 642 FetchContext::trace(visitor); |
643 } | 643 } |
644 | 644 |
645 } // namespace blink | 645 } // namespace blink |
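Review bot: The comment above the changed call (new lines 583-584) still reads "Tack an 'HTTPS' header", but new line 586 now sends `Upgrade-Insecure-Requests: 1`, so the comment names a header this code no longer emits. I would change the first comment line to `// Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational requests, as described in` and keep the spec link beneath it. Separately, the call uses `addHTTPHeaderField`; if that method appends to an existing value rather than replacing it (not visible on this page), a request that passes through `upgradeInsecureRequest` more than once could carry a duplicated value, which is worth confirming since servers are expected to match on the header. The body of `upgradeInsecureRequest` is partly elided here (39 lines skipped), so this covers only the visible lines.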