| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 565 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 576 return m_document ? m_document->charset().string() : String(); | 576 return m_document ? m_document->charset().string() : String(); |
| 577 } | 577 } |
| 578 | 578 |
| 579 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 579 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
| 580 { | 580 { |
| 581 KURL url = fetchRequest.resourceRequest().url(); | 581 KURL url = fetchRequest.resourceRequest().url(); |
| 582 | 582 |
| 583 // Tack an 'HTTPS' header to outgoing navigational requests, as described in | 583 // Tack an 'HTTPS' header to outgoing navigational requests, as described in |
| 584 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 584 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
| 585 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) | 585 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) |
| 586 fetchRequest.mutableResourceRequest().addHTTPHeaderField("HTTPS", "1"); | 586 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecu
re-Requests", "1"); |
| 587 | 587 |
| 588 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I
nsecureRequestsUpgrade && url.protocolIs("http")) { | 588 if (m_document && m_document->insecureRequestsPolicy() == SecurityContext::I
nsecureRequestsUpgrade && url.protocolIs("http")) { |
| 589 ASSERT(m_document->insecureNavigationsToUpgrade()); | 589 ASSERT(m_document->insecureNavigationsToUpgrade()); |
| 590 | 590 |
| 591 // We always upgrade requests that meet any of the following criteria: | 591 // We always upgrade requests that meet any of the following criteria: |
| 592 // | 592 // |
| 593 // 1. Are for subresources (including nested frames). | 593 // 1. Are for subresources (including nested frames). |
| 594 // 2. Are form submissions. | 594 // 2. Are form submissions. |
| 595 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 595 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
| 596 const ResourceRequest& request = fetchRequest.resourceRequest(); | 596 const ResourceRequest& request = fetchRequest.resourceRequest(); |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 636 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active"
); | 636 fetchRequest.mutableResourceRequest().addHTTPHeaderField("CSP", "active"
); |
| 637 } | 637 } |
| 638 | 638 |
| 639 DEFINE_TRACE(FrameFetchContext) | 639 DEFINE_TRACE(FrameFetchContext) |
| 640 { | 640 { |
| 641 visitor->trace(m_document); | 641 visitor->trace(m_document); |
| 642 FetchContext::trace(visitor); | 642 FetchContext::trace(visitor); |
| 643 } | 643 } |
| 644 | 644 |
| 645 } // namespace blink | 645 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1287453005:
Merge 198924 "UPGRADE: Rename the 'https' header." (Closed)
Base URL: svn://svn.chromium.org/blink/branches/chromium/2403_901/