OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 648 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
659 | 659 |
660 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) | 660 void FrameFetchContext::upgradeInsecureRequest(FetchRequest& fetchRequest) |
661 { | 661 { |
662 KURL url = fetchRequest.resourceRequest().url(); | 662 KURL url = fetchRequest.resourceRequest().url(); |
663 | 663 |
664 // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational reque
sts, as described in | 664 // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational reque
sts, as described in |
665 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 665 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
666 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) | 666 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo
ne) |
667 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecu
re-Requests", "1"); | 667 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Upgrade-Insecu
re-Requests", "1"); |
668 | 668 |
669 if (m_document && m_document->getInsecureRequestsPolicy() == SecurityContext
::InsecureRequestsUpgrade && url.protocolIs("http")) { | 669 // If we don't yet have an |m_document| (because we're loading an iframe, fo
r instance), check the FrameLoader's policy. |
670 ASSERT(m_document->insecureNavigationsToUpgrade()); | 670 SecurityContext::InsecureRequestsPolicy relevantPolicy = m_document ? m_docu
ment->getInsecureRequestsPolicy() : frame()->loader().getInsecureRequestsPolicy(
); |
| 671 SecurityContext::InsecureNavigationsSet* relevantNavigationSet = m_document
? m_document->insecureNavigationsToUpgrade() : frame()->loader().insecureNavigat
ionsToUpgrade(); |
671 | 672 |
| 673 if (url.protocolIs("http") && relevantPolicy == SecurityContext::InsecureReq
uestsUpgrade) { |
672 // We always upgrade requests that meet any of the following criteria: | 674 // We always upgrade requests that meet any of the following criteria: |
673 // | 675 // |
674 // 1. Are for subresources (including nested frames). | 676 // 1. Are for subresources (including nested frames). |
675 // 2. Are form submissions. | 677 // 2. Are form submissions. |
676 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 678 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
677 const ResourceRequest& request = fetchRequest.resourceRequest(); | 679 const ResourceRequest& request = fetchRequest.resourceRequest(); |
678 if (request.frameType() == WebURLRequest::FrameTypeNone | 680 if (request.frameType() == WebURLRequest::FrameTypeNone |
679 || request.frameType() == WebURLRequest::FrameTypeNested | 681 || request.frameType() == WebURLRequest::FrameTypeNested |
680 || request.requestContext() == WebURLRequest::RequestContextForm | 682 || request.requestContext() == WebURLRequest::RequestContextForm |
681 || (!url.host().isNull() && m_document->insecureNavigationsToUpgrade
()->contains(url.host().impl()->hash()))) | 683 || (!url.host().isNull() && relevantNavigationSet->contains(url.host
().impl()->hash()))) |
682 { | 684 { |
683 UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpg
radedRequest); | 685 UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpg
radedRequest); |
684 url.setProtocol("https"); | 686 url.setProtocol("https"); |
685 if (url.port() == 80) | 687 if (url.port() == 80) |
686 url.setPort(443); | 688 url.setPort(443); |
687 fetchRequest.mutableResourceRequest().setURL(url); | 689 fetchRequest.mutableResourceRequest().setURL(url); |
688 } | 690 } |
689 } | 691 } |
690 } | 692 } |
691 | 693 |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
814 } | 816 } |
815 | 817 |
816 DEFINE_TRACE(FrameFetchContext) | 818 DEFINE_TRACE(FrameFetchContext) |
817 { | 819 { |
818 visitor->trace(m_document); | 820 visitor->trace(m_document); |
819 visitor->trace(m_documentLoader); | 821 visitor->trace(m_documentLoader); |
820 FetchContext::trace(visitor); | 822 FetchContext::trace(visitor); |
821 } | 823 } |
822 | 824 |
823 } // namespace blink | 825 } // namespace blink |
OLD | NEW |