WIP: Move 'Upgrade-Insecure-Requests' to the browser process.

net/url_request/url_request.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_URL_REQUEST_URL_REQUEST_H_
 #define NET_URL_REQUEST_URL_REQUEST_H_
 
 #include <stdint.h>
 
 #include <memory>
@@ skipping 101 matching lines @@
 
   // First-party URL redirect policy: During server redirects, the first-party
   // URL for cookies normally doesn't change. However, if the request is a
   // top-level first-party request, the first-party URL should be updated to the
   // URL on every redirect.
   enum FirstPartyURLPolicy {
     NEVER_CHANGE_FIRST_PARTY_URL,
     UPDATE_FIRST_PARTY_URL_ON_REDIRECT,
   };
 
+  // 'Upgrade-Insecure-Requests' gives developers the ability to force some
+  // requests to upgrade themselves to secure transport before hitting the
+  // network (along with any redirects they encounter along the way). The
+  // insecure request policy governs this behavior:
+  //
+  // * DO_NOT_UPGRADE_INSECURE_REQUESTS is the default behavior, which does
+  //   not upgrade insecure request (hence the clever name).
+  //
+  // * UPGRADE_ALL_INSECURE_REQUESTS will upgrade any insecure request to
+  //   secure transport.
+  //
+  // * UPGRADE_SAME_HOST_INSECURE_REQUESTS will upgrade any insecure request
+  //   whose target's host matches the request's initiator's host.
+  //
+  // See https://w3c.github.io/webappsec-upgrade-insecure-requests/ for detail.
+  enum InsecureRequestPolicy {
+    DO_NOT_UPGRADE_INSECURE_REQUESTS,
+    UPGRADE_SAME_HOST_INSECURE_REQUESTS,
+    UPGRADE_ALL_INSECURE_REQUESTS
+  };
+
   // The delegate's methods are called from the message loop of the thread
   // on which the request's Start() method is called. See above for the
   // ordering of callbacks.
   //
   // The callbacks will be called in the following order:
   //   Start()
   //    - OnCertificateRequested* (zero or more calls, if the SSL server and/or
   //      SSL proxy requests a client certificate for authentication)
   //    - OnSSLCertificateError* (zero or one call, if the SSL server's
   //      certificate has an error)
@@ skipping 169 matching lines @@
   // This value is used to perform the cross-origin check specified in Section
   // 4.3 of https://tools.ietf.org/html/draft-west-first-party-cookies.
   //
   // Note: the initiator can be null for browser-initiated top level
   // navigations. This is different from a unique Origin (e.g. in sandboxed
   // iframes).
   const base::Optional<url::Origin>& initiator() const { return initiator_; }
   // This method may only be called before Start().
   void set_initiator(const base::Optional<url::Origin>& initiator);
 
+  // The insecure request policy to apply to this request. This may only be
+  // changed prior to calling Start().
+  InsecureRequestPolicy insecure_request_policy() const {
+    return insecure_request_policy_;
+  }
+  void set_insecure_request_policy(
+      InsecureRequestPolicy insecure_request_policy);

[mmenke, 2016/12/15 19:24:22]

If we see a redirect response with Content-Security-Policy:
upgrade-insecure-requests, should we change the policy?  I guess not?

+
   // The request method, as an uppercase string.  "GET" is the default value.
   // The request method may only be changed before Start() is called and
   // should only be assigned an uppercase value.
   const std::string& method() const { return method_; }
   void set_method(const std::string& method);
 
   // The referrer URL for the request.  This header may actually be suppressed
   // from the underlying network request for security reasons (e.g., a HTTPS
   // URL will not be sent as the referrer for a HTTP request).  The referrer
   // may only be changed before Start() is called.
@@ skipping 323 matching lines @@
   // or after the response headers are received.
   void GetConnectionAttempts(ConnectionAttempts* out) const;
 
   // Gets the over the wire raw header size of the response after https
   // encryption, 0 for cached responses.
   int raw_header_size() const { return raw_header_size_; }
 
   // Returns the error status of the request.
   // Do not use! Going to be protected!
   const URLRequestStatus& status() const { return status_; }
+
  protected:
   // Allow the URLRequestJob class to control the is_pending() flag.
   void set_is_pending(bool value) { is_pending_ = value; }
 
   // Allow the URLRequestJob class to set our status too.
   void set_status(URLRequestStatus status);
 
   // Allow the URLRequestJob to redirect this request.  Returns OK if
   // successful, otherwise an error code is returned.
   int Redirect(const RedirectInfo& redirect_info);
@@ skipping 93 matching lines @@
 
   std::vector<GURL> url_chain_;
   GURL first_party_for_cookies_;
   base::Optional<url::Origin> initiator_;
   GURL delegate_redirect_url_;
   std::string method_;  // "GET", "POST", etc. Should be all uppercase.
   std::string referrer_;
   ReferrerPolicy referrer_policy_;
   std::string token_binding_referrer_;
   FirstPartyURLPolicy first_party_url_policy_;
+  InsecureRequestPolicy insecure_request_policy_;
   HttpRequestHeaders extra_request_headers_;
   int load_flags_;  // Flags indicating the request type for the load;
                     // expected values are LOAD_* enums above.
 
   // Never access methods of the |delegate_| directly. Always use the
   // Notify... methods for this.
   Delegate* delegate_;
 
   // Current error status of the job. When no error has been encountered, this
   // will be SUCCESS. If multiple errors have been encountered, this will be
@@ skipping 75 matching lines @@
 
   // The raw header size of the response.
   int raw_header_size_;
 
   DISALLOW_COPY_AND_ASSIGN(URLRequest);
 };
 
 }  // namespace net
 
 #endif  // NET_URL_REQUEST_URL_REQUEST_H_