Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(579)

Unified Diff: net/url_request/url_request_http_job.cc

Issue 1579063002: Implement a skeleton version of Expect CT reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove unnecessary (?) NET_EXPORTs Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 6204faa4d2abc55ccade5d7314c87c8baac2dcb2..abb214e524ba371154b48499c0a967e3aa936b6a 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -350,6 +350,7 @@ void URLRequestHttpJob::NotifyHeadersComplete() {
// The ordering of these calls is not important.
ProcessStrictTransportSecurityHeader();
ProcessPublicKeyPinsHeader();
+ ProcessExpectCTHeader();
// Handle the server notification of a new SDCH dictionary.
SdchManager* sdch_manager(request()->context()->sdch_manager());
@@ -850,6 +851,28 @@ void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
}
}
+void URLRequestHttpJob::ProcessExpectCTHeader() {
+ DCHECK(response_info_);
+ TransportSecurityState* security_state =
+ request_->context()->transport_security_state();
+ const SSLInfo& ssl_info = response_info_->ssl_info;
+
+ // Only accept Expect CT headers on HTTPS connections that have no
+ // certificate errors.
+ if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
+ !security_state) {
+ return;
+ }
+
+ // Only process the first Expect-CT header value.
+ HttpResponseHeaders* headers = GetResponseHeaders();
+ std::string value;
+ if (headers->EnumerateHeader(nullptr, "Expect-CT", &value)) {
+ security_state->ProcessExpectCTHeader(
+ value, HostPortPair::FromURL(request_info_.url), ssl_info);
+ }
+}
+
void URLRequestHttpJob::OnStartCompleted(int result) {
RecordTimer();

Powered by Google App Engine
This is Rietveld 408576698