Chromium Code Reviews Chromium Code Reviews
Issue 2053693002:
WIP: Move 'Upgrade-Insecure-Requests' to the browser process.
Base URL: https://chromium.googlesource.com/chromium/src.git@replicate| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "content/browser/net/insecure_request_interceptor.h" | |
| 6 | |
| 7 #include "net/base/network_delegate.h" | |
| 8 #include "net/url_request/url_request.h" | |
| 9 #include "net/url_request/url_request_redirect_job.h" | |
| 10 #include "url/gurl.h" | |
| 11 #include "url/url_constants.h" | |
| 12 | |
| 13 namespace content { | |
| 14 | |
| 15 namespace { | |
| 16 | |
| 17 const char* kUpgradeReason = "Upgrade"; | |
| 18 | |
| 19 } // namespace | |
| 20 | |
| 21 InsecureRequestInterceptor::InsecureRequestInterceptor() {} | |
| 22 | |
| 23 InsecureRequestInterceptor::~InsecureRequestInterceptor() {} | |
| 24 | |
| 25 net::URLRequestJob* InsecureRequestInterceptor::MaybeInterceptRequest( | |
| 26 net::URLRequest* request, | |
| 27 net::NetworkDelegate* delegate) const { | |
| 28 // printf("\n\nMaybeInterceptRequest: %s\n", request->url().spec().c_str()); | |
| 29 return MaybeUpgradeRequest(request, delegate, request->url()); | |
| 30 } | |
| 31 | |
| 32 net::URLRequestJob* InsecureRequestInterceptor::MaybeInterceptRedirect( | |
| 33 net::URLRequest* request, | |
| 34 net::NetworkDelegate* delegate, | |
| 35 const GURL& url) const { | |
| 36 // printf("\n\nMaybeInterceptRedirect: %s => %s\n", | |
| 37 // request->url().spec().c_str(), url.spec().c_str()); | |
| 38 return MaybeUpgradeRequest(request, delegate, url); | |
| 39 } | |
| 40 | |
| 41 net::URLRequestJob* InsecureRequestInterceptor::MaybeUpgradeRequest( | |
| 42 net::URLRequest* request, | |
| 43 net::NetworkDelegate* delegate, | |
| 44 const GURL& url) { | |
| 45 // TODO(mkwst): This is only a light modification of the logic in | |
| 46 // 'URLRequest::GetHSTSRedirect'. We could fairly simply move HSTS | |
| 47 // here as well to do all of our insecure request interception in | |
| 48 // one place. Until then, we're only looking at UIR, so quit early | |
| 49 // if it doesn't apply: | |
| 50 // printf("- Policy: %d, Initiator: %s\n", | |
| 51 // request->insecure_request_policy(), | |
| 52 // request->initiator().Serialize().c_str()); | |
| 53 if (request->insecure_request_policy() == | |
| 54 net::URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS || | |
| 55 (request->insecure_request_policy() == | |
| 56 net::URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS && | |
| 57 url.host() != request->initiator().host())) { | |
| 58 return nullptr; | |
| 59 } | |
| 60 bool scheme_is_http = url.SchemeIs(url::kHttpScheme); | |
| 61 if (scheme_is_http || url.SchemeIs(url::kWsScheme)) { | |
|
mmenke
2016/06/14 18:49:31
I'm not all that familiar with websocket requests,
| |
| 62 GURL::Replacements replacements; | |
| 63 replacements.SetSchemeStr(scheme_is_http ? url::kHttpsScheme | |
| 64 : url::kWssScheme); | |
| 65 GURL redirect_to(url.ReplaceComponents(replacements)); | |
| 66 | |
| 67 return new net::URLRequestRedirectJob( | |
| 68 request, delegate, redirect_to, | |
| 69 net::URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, | |
| 70 kUpgradeReason); | |
| 71 } | |
| 72 | |
| 73 return nullptr; | |
| 74 } | |
| 75 | |
| 76 } // namespace content | |
| OLD | NEW |
