OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/ssl/expect_ct_reporter.h" |
| 6 |
| 7 #include <string> |
| 8 |
| 9 #include "net/http/http_response_headers.h" |
| 10 #include "net/http/transport_security_state.h" |
| 11 #include "net/url_request/certificate_report_sender.h" |
| 12 #include "net/url_request/url_request.h" |
| 13 #include "net/url_request/url_request_context.h" |
| 14 |
| 15 ExpectCTReporter::ExpectCTReporter( |
| 16 net::URLRequestContext* request_context, |
| 17 net::TransportSecurityState* transport_security_state) |
| 18 : report_sender_(new net::CertificateReportSender( |
| 19 request_context, |
| 20 net::CertificateReportSender::DO_NOT_SEND_COOKIES)), |
| 21 transport_security_state_(transport_security_state) {} |
| 22 |
| 23 ExpectCTReporter::~ExpectCTReporter() {} |
| 24 |
| 25 void ExpectCTReporter::OnCTComplianceFailed(net::URLRequest* request) { |
| 26 net::TransportSecurityState::ExpectCTState expect_ct_state; |
| 27 if (!transport_security_state_->GetStaticExpectCTState(request->url().host(), |
| 28 &expect_ct_state)) { |
| 29 // The host for this request is not on the Expect CT preload list, |
| 30 // so do nothing. |
| 31 return; |
| 32 } |
| 33 |
| 34 net::HttpResponseHeaders* response_headers = request->response_headers(); |
| 35 std::string value; |
| 36 if (!response_headers->EnumerateHeader(nullptr, "Expect-CT", &value) || |
| 37 value != "preload") { |
| 38 // The preload list alone is not enough to opt a server in to expect |
| 39 // CT; the server is not sending the Expect-CT header, so it has |
| 40 // effectively opted out. |
| 41 return; |
| 42 } |
| 43 |
| 44 // TODO(estark): build and send a report about the policy violation. |
| 45 } |
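Review bot: In `OnCTComplianceFailed`, the result of `request->response_headers()` is dereferenced without a null check, so if this callback can run before response headers are available (the call site is not visible on this page), `response_headers->EnumerateHeader(...)` would crash. Guard it with `if (!response_headers) return;` before the `EnumerateHeader` call. The opt-in test also reads only the first `Expect-CT` header and requires an exact, case-sensitive `preload`, so a comment stating that this strictness is intended would help the next reader. Because the header arrives over the same connection that just failed CT compliance, its absence does not prove the genuine server opted out; that limitation deserves a note beside the existing "effectively opted out" comment.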