WIP: Move 'Upgrade-Insecure-Requests' to the browser process.

net/url_request/url_request_http_job.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include <vector>
 
 #include "base/base_switches.h"
 #include "base/bind.h"
@@ skipping 1109 matching lines @@
         return nullptr;
     }
     if (downstream == nullptr)
       return nullptr;
     upstream = std::move(downstream);
   }
 
   return upstream;
 }
 
+RedirectInfo URLRequestHttpJob::ComputeRedirectInfo(const GURL& location,

[estark, 2016/12/15 20:49:54]

Why is this logic in URLRequestHttpJob instead of URLRequestJob with the
referrer policy stuff?

+                                                    int http_status_code) {
+  // If |request|'s insecure request policy matches its URL, then upgrade it
+  // from a non-secure protocol to a secure protocol (e.g. "http" => "https").
+  // See https://www.w3.org/TR/upgrade-insecure-requests/ for details.
+  //
+  // TODO(mkwst): HSTS is currently modeled as a redirect, which makes sense,
+  // given the web-exposed behavior developers currently rely upon. At some
+  // point, however, https://wicg.github.io/hsts-priming/ will change that
+  // expectation. Once those changes are in place, it might make sense to
+  // merge the HSTS logic from 'MaybeInternallyRedirect' into this function.
+  if (request_->insecure_request_policy() ==
+          net::URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS ||
+      location.SchemeIsCryptographic() ||
+      (request_->initiator() &&
+       request_->insecure_request_policy() ==
+           net::URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS &&
+       request_->initiator()->host() != location.host())) {

[mmenke, 2016/12/15 19:24:22]

->host() => ->host_piece()?  No need to create new strings here.

[mmenke, 2016/12/15 19:24:22]

I think this would be clearer with the unusual case first.  Checking for one of
a set of cases in generally clearer than checking that we're not in one of a set
of cases.

+    return URLRequestJob::ComputeRedirectInfo(location, http_status_code);
+  }
+
+  request_->net_log().AddEvent(
+      NetLogEventType::URL_REQUEST_REWRITTEN,
+      NetLog::StringCallback("reason", "Upgrade-Insecure-Requests"));
+
+  DCHECK(location.SchemeIs(url::kHttpScheme) ||
+         location.SchemeIs(url::kWsScheme));
+  GURL::Replacements replacements;
+  replacements.SetSchemeStr(location.SchemeIs(url::kHttpScheme)
+                                ? url::kHttpsScheme
+                                : url::kWssScheme);
+  return URLRequestJob::ComputeRedirectInfo(
+      location.ReplaceComponents(replacements), http_status_code);
+}
+
 bool URLRequestHttpJob::CopyFragmentOnRedirect(const GURL& location) const {
   // Allow modification of reference fragments by default, unless
   // |allowed_unsafe_redirect_url_| is set and equal to the redirect URL.
   // When this is the case, we assume that the network delegate has set the
   // desired redirect URL (with or without fragment), so it must not be changed
   // any more.
   return !allowed_unsafe_redirect_url_.is_valid() ||
        allowed_unsafe_redirect_url_ != location;
 }
 
@@ skipping 407 matching lines @@
   awaiting_callback_ = false;
 
   // Notify NetworkQualityEstimator.
   NetworkQualityEstimator* network_quality_estimator =
       request()->context()->network_quality_estimator();
   if (network_quality_estimator)
     network_quality_estimator->NotifyURLRequestDestroyed(*request());
 }
 
 }  // namespace net