Chromium Code Reviews

Issue 2046523005: Introduce WebInsecureRequestPolicy. (Closed)

Created: 4 years, 6 months ago by Mike West
Modified: 4 years, 6 months ago
Reviewers: Yoav Weiss
CC: blink-reviews, blink-reviews-api_chromium.org, chromium-reviews, dglazkov+blink, mkwst+watchlist-csp_chromium.org
Base URL: https://chromium.googlesource.com/chromium/src.git@master
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.

Description

Introduce WebInsecureRequestPolicy.

This is the first step towards moving some of 'Upgrade-Insecure-Requests' enforcement up to the browser process. It introduces WebInsecureRequestPolicy which aims to represent both 'Upgrade-Insecure-Requests' and 'Block-All-Mixed-Content' as a single bitfield, as they're really two sides of the same coin.

This patch uses the new type inside of //core/frame/csp. The next patch will extend usage to 'SecurityContext' (which has a number of dependencies including 'DocumentInit', 'FrameLoader', etc., which makes it appealing to split out). That will be followed by a patch which replicates the new data to remote frames. With that infrastructure in place, upgrading requests during redirects should be (somewhat) straightforward.

[Step 1]: This patch.
[Step 2]: https://codereview.chromium.org/2040133003
[Step 3]: https://codereview.chromium.org/2046733003

BUG=617947
R=yoav@yoav.ws

Committed: https://crrev.com/78faa7546aa65192af48bc2703791b06a7612eba
Cr-Commit-Position: refs/heads/master@{#398497}
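The single-bitfield idea from the description, as an added example that is not code from this change or from Chromium: both CSP directives fold into one value, and one check decides what happens to an insecure subresource URL. Only `kUpgradeInsecureRequests` appears on this page; the other names, the bit values and both helper functions are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstdint>
#include <sstream>
#include <string>

// Illustrative bitfield. Only kUpgradeInsecureRequests is named on the page;
// the other names and all bit values are assumptions for this example.
using InsecureRequestPolicy = uint8_t;
constexpr InsecureRequestPolicy kLeaveInsecureRequestsAlone = 0;
constexpr InsecureRequestPolicy kUpgradeInsecureRequests = 1 << 0;
constexpr InsecureRequestPolicy kBlockAllMixedContent = 1 << 1;

enum class Disposition { kDefault, kUpgrade, kBlock };

// Fold the directives of one Content-Security-Policy header value into the
// bitfield. Directive names are matched ASCII case-insensitively.
InsecureRequestPolicy PolicyFromHeader(const std::string& header) {
  InsecureRequestPolicy policy = kLeaveInsecureRequestsAlone;
  std::istringstream directives(header);
  std::string directive;
  while (std::getline(directives, directive, ';')) {
    std::istringstream tokens(directive);
    std::string name;
    tokens >> name;  // first token, leading whitespace skipped
    for (char& c : name) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    if (name == "upgrade-insecure-requests") policy |= kUpgradeInsecureRequests;
    if (name == "block-all-mixed-content") policy |= kBlockAllMixedContent;
  }
  return policy;
}

// Decide what happens to a subresource URL requested by an HTTPS document.
// Assumes the URL is already normalized (lowercase scheme). The upgrade bit is
// checked first: an upgraded request is no longer mixed content, so the block
// bit only matters when upgrading is off.
Disposition Apply(InsecureRequestPolicy policy, std::string* url) {
  if (url->compare(0, 7, "http://") != 0) return Disposition::kDefault;
  if (policy & kUpgradeInsecureRequests) {
    url->replace(0, 4, "https");  // rewrite the scheme in place
    return Disposition::kUpgrade;
  }
  if (policy & kBlockAllMixedContent) return Disposition::kBlock;
  // Neither bit set: left to the browser's default mixed-content handling.
  return Disposition::kDefault;
}
```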

Patch Set 1 #

Total comments: 6

Messages

Total messages: 12 (5 generated)
Mike West
Yoav, do you have a few minutes to take a look at this patch?
4 years, 6 months ago (2016-06-07 09:47:59 UTC) #2
Yoav Weiss
LGTM % nits

https://codereview.chromium.org/2046523005/diff/1/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
File third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp (right):

https://codereview.chromium.org/2046523005/diff/1/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp#newcode188
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp:188: if (m_insecureRequestPolicy & kUpgradeInsecureRequests) {
Can ...
4 years, 6 months ago (2016-06-07 10:30:23 UTC) #3
Mike West
Thanks! A few responses inline. WDYT?

https://codereview.chromium.org/2046523005/diff/1/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
File third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp (right):

https://codereview.chromium.org/2046523005/diff/1/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp#newcode188
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp:188: if (m_insecureRequestPolicy & ...
4 years, 6 months ago (2016-06-07 10:39:49 UTC) #4
Yoav Weiss
On 2016/06/07 10:39:49, Mike West (OOO until 30th) wrote:
> Thanks! A few responses inline. ...
4 years, 6 months ago (2016-06-07 10:51:47 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/2046523005/1
4 years, 6 months ago (2016-06-08 06:59:56 UTC) #9
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 6 months ago (2016-06-08 07:07:36 UTC) #10
commit-bot: I haz the power
4 years, 6 months ago (2016-06-08 07:09:16 UTC) #12
Message was sent while issue was closed.
Patchset 1 (id:??) landed as
https://crrev.com/78faa7546aa65192af48bc2703791b06a7612eba
Cr-Commit-Position: refs/heads/master@{#398497}
