Chromium Code Reviews Chromium Code Reviews
Issue 2284683002:
PlzNavigate: support upgrade-insecure-navigation. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 649 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 660 { | 660 { |
| 661 if (frame()->document()) | 661 if (frame()->document()) |
| 662 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMessageS ource, ErrorMessageLevel, message)); | 662 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMessageS ource, ErrorMessageLevel, message)); |
| 663 } | 663 } |
| 664 | 664 |
| 665 SecurityOrigin* FrameFetchContext::getSecurityOrigin() const | 665 SecurityOrigin* FrameFetchContext::getSecurityOrigin() const |
| 666 { | 666 { |
| 667 return m_document ? m_document->getSecurityOrigin() : nullptr; | 667 return m_document ? m_document->getSecurityOrigin() : nullptr; |
| 668 } | 668 } |
| 669 | 669 |
| 670 void FrameFetchContext::upgradeInsecureRequest(ResourceRequest& resourceRequest) | 670 // static |
| 671 void FrameFetchContext::upgradeInsecureRequest(ResourceRequest& resourceRequest, Document* document, FrameLoader* frameLoader) | |
|
Nate Chapin
2016/08/26 16:04:34
Take a FrameLoader& instead?
arthursonzogni
2016/08/26 16:38:34
Yes we can. It is for saying it couldn't be null ?
| |
| 671 { | 672 { |
| 672 // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational reque sts, as described in | 673 // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational reque sts, as described in |
| 673 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 674 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
| 674 if (resourceRequest.frameType() != WebURLRequest::FrameTypeNone) { | 675 if (resourceRequest.frameType() != WebURLRequest::FrameTypeNone) { |
| 675 | 676 |
| 676 // Early return if the request has already been upgraded. | 677 // Early return if the request has already been upgraded. |
| 677 if (resourceRequest.httpHeaderField("Upgrade-Insecure-Requests") == Atom icString("1")) | 678 if (resourceRequest.httpHeaderField("Upgrade-Insecure-Requests") == Atom icString("1")) |
| 678 return; | 679 return; |
| 679 | 680 |
| 680 resourceRequest.addHTTPHeaderField("Upgrade-Insecure-Requests", "1"); | 681 resourceRequest.addHTTPHeaderField("Upgrade-Insecure-Requests", "1"); |
| 681 } | 682 } |
| 682 | 683 |
| 683 KURL url = resourceRequest.url(); | 684 KURL url = resourceRequest.url(); |
| 684 | 685 |
| 685 // If we don't yet have an |m_document| (because we're loading an iframe, fo r instance), check the FrameLoader's policy. | 686 // If we don't yet have an |m_document| (because we're loading an iframe, fo r instance), check the FrameLoader's policy. |
| 686 WebInsecureRequestPolicy relevantPolicy = m_document ? m_document->getInsecu reRequestPolicy() : frame()->loader().getInsecureRequestPolicy(); | 687 WebInsecureRequestPolicy relevantPolicy = document ? document->getInsecureRe questPolicy() : frameLoader->getInsecureRequestPolicy(); |
| 687 SecurityContext::InsecureNavigationsSet* relevantNavigationSet = m_document ? m_document->insecureNavigationsToUpgrade() : frame()->loader().insecureNavigat ionsToUpgrade(); | 688 SecurityContext::InsecureNavigationsSet* relevantNavigationSet = document ? document->insecureNavigationsToUpgrade() : frameLoader->insecureNavigationsToUpg rade(); |
| 688 | 689 |
| 689 if (url.protocolIs("http") && relevantPolicy & kUpgradeInsecureRequests) { | 690 if (url.protocolIs("http") && relevantPolicy & kUpgradeInsecureRequests) { |
| 690 // We always upgrade requests that meet any of the following criteria: | 691 // We always upgrade requests that meet any of the following criteria: |
| 691 // | 692 // |
| 692 // 1. Are for subresources (including nested frames). | 693 // 1. Are for subresources (including nested frames). |
| 693 // 2. Are form submissions. | 694 // 2. Are form submissions. |
| 694 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | 695 // 3. Whose hosts are contained in the document's InsecureNavigationSet. |
| 695 if (resourceRequest.frameType() == WebURLRequest::FrameTypeNone | 696 if (resourceRequest.frameType() == WebURLRequest::FrameTypeNone |
| 696 || resourceRequest.frameType() == WebURLRequest::FrameTypeNested | 697 || resourceRequest.frameType() == WebURLRequest::FrameTypeNested |
| 697 || resourceRequest.requestContext() == WebURLRequest::RequestContext Form | 698 || resourceRequest.requestContext() == WebURLRequest::RequestContext Form |
| 698 || (!url.host().isNull() && relevantNavigationSet->contains(url.host ().impl()->hash()))) { | 699 || (!url.host().isNull() && relevantNavigationSet->contains(url.host ().impl()->hash()))) { |
| 699 UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpg radedRequest); | 700 UseCounter::count(document, UseCounter::UpgradeInsecureRequestsUpgra dedRequest); |
| 700 url.setProtocol("https"); | 701 url.setProtocol("https"); |
| 701 if (url.port() == 80) | 702 if (url.port() == 80) |
| 702 url.setPort(443); | 703 url.setPort(443); |
| 703 resourceRequest.setURL(url); | 704 resourceRequest.setURL(url); |
| 704 } | 705 } |
| 705 } | 706 } |
| 706 } | 707 } |
| 707 | 708 |
| 709 void FrameFetchContext::upgradeInsecureRequest(ResourceRequest& resourceRequest) | |
| 710 { | |
| 711 upgradeInsecureRequest(resourceRequest, m_document, &(frame()->loader())); | |
| 712 } | |
| 713 | |
| 708 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) | 714 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) |
| 709 { | 715 { |
| 710 if (!RuntimeEnabledFeatures::clientHintsEnabled() || !m_document) | 716 if (!RuntimeEnabledFeatures::clientHintsEnabled() || !m_document) |
| 711 return; | 717 return; |
| 712 | 718 |
| 713 bool shouldSendDPR = m_document->clientHintsPreferences().shouldSendDPR() || fetchRequest.clientHintsPreferences().shouldSendDPR(); | 719 bool shouldSendDPR = m_document->clientHintsPreferences().shouldSendDPR() || fetchRequest.clientHintsPreferences().shouldSendDPR(); |
| 714 bool shouldSendResourceWidth = m_document->clientHintsPreferences().shouldSe ndResourceWidth() || fetchRequest.clientHintsPreferences().shouldSendResourceWid th(); | 720 bool shouldSendResourceWidth = m_document->clientHintsPreferences().shouldSe ndResourceWidth() || fetchRequest.clientHintsPreferences().shouldSendResourceWid th(); |
| 715 bool shouldSendViewportWidth = m_document->clientHintsPreferences().shouldSe ndViewportWidth() || fetchRequest.clientHintsPreferences().shouldSendViewportWid th(); | 721 bool shouldSendViewportWidth = m_document->clientHintsPreferences().shouldSe ndViewportWidth() || fetchRequest.clientHintsPreferences().shouldSendViewportWid th(); |
| 716 | 722 |
| 717 if (shouldSendDPR) | 723 if (shouldSendDPR) |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 831 } | 837 } |
| 832 | 838 |
| 833 DEFINE_TRACE(FrameFetchContext) | 839 DEFINE_TRACE(FrameFetchContext) |
| 834 { | 840 { |
| 835 visitor->trace(m_document); | 841 visitor->trace(m_document); |
| 836 visitor->trace(m_documentLoader); | 842 visitor->trace(m_documentLoader); |
| 837 FetchContext::trace(visitor); | 843 FetchContext::trace(visitor); |
| 838 } | 844 } |
| 839 | 845 |
| 840 } // namespace blink | 846 } // namespace blink |
| OLD | NEW |
