Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2509)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_stream_factory_impl.cc

Issue 1580583002: Add a whitelist for QUIC hosts. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix comments Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/http/http_stream_factory_impl.h ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_stream_factory_impl.cc
diff --git a/net/http/http_stream_factory_impl.cc b/net/http/http_stream_factory_impl.cc
index 12d14a2fd7b385018745b1eae01180ba6f49ed7b..4ae083e82480483e4b819d87b3494ff5940b4069 100644
--- a/net/http/http_stream_factory_impl.cc
+++ b/net/http/http_stream_factory_impl.cc
@@ -8,11 +8,13 @@
#include "base/logging.h"
#include "base/stl_util.h"
+#include "base/strings/string_util.h"
#include "net/base/net_util.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties.h"
#include "net/http/http_stream_factory_impl_job.h"
#include "net/http/http_stream_factory_impl_request.h"
+#include "net/http/transport_security_state.h"
#include "net/log/net_log.h"
#include "net/quic/quic_server_id.h"
#include "net/spdy/spdy_http_stream.h"
@@ -285,6 +287,9 @@ AlternativeService HttpStreamFactoryImpl::GetAlternativeServiceFor(
server_id, request_info.privacy_mode, origin_host))
return alternative_service;
+ if (!IsQuicWhitelistedForHost(destination.host()))
+ continue;
+
// Cache this entry if we don't have a non-broken Alt-Svc yet.
if (first_alternative_service.protocol == UNINITIALIZED_ALTERNATE_PROTOCOL)
first_alternative_service = alternative_service;
@@ -365,4 +370,18 @@ void HttpStreamFactoryImpl::OnPreconnectsComplete(const Job* job) {
OnPreconnectsCompleteInternal();
}
+bool HttpStreamFactoryImpl::IsQuicWhitelistedForHost(const std::string& host) {
+ if (session_->params().transport_security_state->IsGooglePinnedHost(host)) {
+ return true;
+ }
Ryan Sleevi 2016/01/11 23:54:26 nit: This file uses no braces for single-line cond
Ryan Hamilton 2016/01/12 00:22:46 Indeed! I had a LOG(INFO) there and when I removed
+
+ for (const std::string& white : session_->params().quic_host_whitelist) {
Ryan Sleevi 2016/01/11 23:54:27 s/white/whitelisted_host/ Just the color name doe
Ryan Hamilton 2016/01/12 00:22:46 Agreed. (though this code is now gone.)
+ if (host == white)
Ryan Sleevi 2016/01/11 23:54:27 Is |host| guaranteed to be normalized? What about
Ryan Hamilton 2016/01/12 00:22:46 Hopefully, this will always be empty, but if it's
+ return true;
+ }
+
+ return base::EndsWith(host, ".snapchat.com",
Ryan Sleevi 2016/01/11 23:54:27 What about trailing dots? (.snapchat.com.) - do th
Ryan Hamilton 2016/01/12 00:22:46 they don't matter in this case.
+ base::CompareCase::INSENSITIVE_ASCII);
Ryan Sleevi 2016/01/11 23:54:27 If it's normalized (line 379), then you should be
Ryan Hamilton 2016/01/12 00:22:46 Done.
+}
+
} // namespace net
« no previous file with comments | « net/http/http_stream_factory_impl.h ('k') | net/http/transport_security_state.h » ('j') | net/http/transport_security_state.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698