WIP: Move 'Upgrade-Insecure-Requests' to the browser process.

net/url_request/url_request_http_job.cc

Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 68e708f214642b01be15264d32f6b8ccb42b0d45..3e5b32249a48bbd69985091569c0a4d5c90a55d8 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -190,6 +190,41 @@ net::URLRequestRedirectJob* MaybeInternallyRedirect(
       net::URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, "HSTS");
 }
 
+// If |request|'s insecure request policy matches its URL, then upgrade it from
+// a non-secure protocol to a secure protocol (e.g. "http" => "https"). See
+// https://www.w3.org/TR/upgrade-insecure-requests/ for details.
+//
+// TODO(mkwst): HSTS is currently modeled as a redirect, which makes sense,
+// given the web-exposed behavior developers currently rely upon. At some
+// point, however, https://wicg.github.io/hsts-priming/ will change that
+// expectation. Once those changes are in place, it would make sense to
+// merge the HSTS logic from 'MaybeInternallyRedirect' into these functions.
+bool ShouldUpgradeURLForRequest(const GURL& url, net::URLRequest* request) {
+  if (request->insecure_request_policy() == net::URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS ||
+      url.SchemeIsCryptographic() ||
+      (request->initiator() &&
+       request->insecure_request_policy() == net::URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS &&
+       request->initiator()->host() != url.host())) {
+    return false;
+  }
+
+  return true;  
+}
+
+GURL UpgradeURL(const GURL& url) {
+  DCHECK(url.SchemeIs(url::kHttpScheme) || url.SchemeIs(url::kWsScheme));
+  GURL::Replacements replacements;
+  replacements.SetSchemeStr(url.SchemeIs(url::kHttpScheme) ? url::kHttpsScheme : url::kWssScheme);
+  return url.ReplaceComponents(replacements);
+}
+
+void MaybeRewriteRequestURL(net::URLRequest* request) {
+  if (!ShouldUpgradeURLForRequest(request->url(), request))
+    return;
+
+  request->RewriteURL(UpgradeURL(request->url()), "Upgrade-Insecure-Requests");
+}
+
 }  // namespace
 
 namespace net {
@@ -208,6 +243,8 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
         request, network_delegate, ERR_INVALID_ARGUMENT);
   }
 
+  MaybeRewriteRequestURL(request);

[mmenke, 2016/12/13 19:00:24]

The redirect stuff all looks pretty reasonable to me.  This, though, does seem
really ugly.

Also, something occurred to me:  With this approach, Blink would be hiding HTTPS
referrers, since it doesn't know the HTTP request will actually go over HTTPS,
right?

+
   URLRequestRedirectJob* redirect =
       MaybeInternallyRedirect(request, network_delegate);
   if (redirect)
@@ -1127,6 +1164,10 @@ std::unique_ptr<SourceStream> URLRequestHttpJob::SetUpSourceStream() {
   return upstream;
 }
 
+RedirectInfo URLRequestHttpJob::ComputeRedirectInfo(const GURL& location, int http_status_code) {
+  return URLRequestJob::ComputeRedirectInfo(ShouldUpgradeURLForRequest(location, request_) ? UpgradeURL(location) : location, http_status_code);
+}
+
 bool URLRequestHttpJob::CopyFragmentOnRedirect(const GURL& location) const {
   // Allow modification of reference fragments by default, unless
   // |allowed_unsafe_redirect_url_| is set and equal to the redirect URL.