| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 651 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 662 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMessageS
ource, ErrorMessageLevel, message)); | 662 frame()->document()->addConsoleMessage(ConsoleMessage::create(JSMessageS
ource, ErrorMessageLevel, message)); |
| 663 } | 663 } |
| 664 | 664 |
| 665 SecurityOrigin* FrameFetchContext::getSecurityOrigin() const | 665 SecurityOrigin* FrameFetchContext::getSecurityOrigin() const |
| 666 { | 666 { |
| 667 return m_document ? m_document->getSecurityOrigin() : nullptr; | 667 return m_document ? m_document->getSecurityOrigin() : nullptr; |
| 668 } | 668 } |
| 669 | 669 |
| 670 void FrameFetchContext::upgradeInsecureRequest(ResourceRequest& resourceRequest) | 670 void FrameFetchContext::upgradeInsecureRequest(ResourceRequest& resourceRequest) |
| 671 { | 671 { |
| 672 // Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational reque
sts, as described in | 672 frame()->loader().upgradeInsecureRequest(resourceRequest, m_document); |
| 673 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | |
| 674 if (resourceRequest.frameType() != WebURLRequest::FrameTypeNone) { | |
| 675 | |
| 676 // Early return if the request has already been upgraded. | |
| 677 if (resourceRequest.httpHeaderField("Upgrade-Insecure-Requests") == Atom
icString("1")) | |
| 678 return; | |
| 679 | |
| 680 resourceRequest.addHTTPHeaderField("Upgrade-Insecure-Requests", "1"); | |
| 681 } | |
| 682 | |
| 683 KURL url = resourceRequest.url(); | |
| 684 | |
| 685 // If we don't yet have an |m_document| (because we're loading an iframe, fo
r instance), check the FrameLoader's policy. | |
| 686 WebInsecureRequestPolicy relevantPolicy = m_document ? m_document->getInsecu
reRequestPolicy() : frame()->loader().getInsecureRequestPolicy(); | |
| 687 SecurityContext::InsecureNavigationsSet* relevantNavigationSet = m_document
? m_document->insecureNavigationsToUpgrade() : frame()->loader().insecureNavigat
ionsToUpgrade(); | |
| 688 | |
| 689 if (url.protocolIs("http") && relevantPolicy & kUpgradeInsecureRequests) { | |
| 690 // We always upgrade requests that meet any of the following criteria: | |
| 691 // | |
| 692 // 1. Are for subresources (including nested frames). | |
| 693 // 2. Are form submissions. | |
| 694 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | |
| 695 if (resourceRequest.frameType() == WebURLRequest::FrameTypeNone | |
| 696 || resourceRequest.frameType() == WebURLRequest::FrameTypeNested | |
| 697 || resourceRequest.requestContext() == WebURLRequest::RequestContext
Form | |
| 698 || (!url.host().isNull() && relevantNavigationSet->contains(url.host
().impl()->hash()))) { | |
| 699 UseCounter::count(m_document, UseCounter::UpgradeInsecureRequestsUpg
radedRequest); | |
| 700 url.setProtocol("https"); | |
| 701 if (url.port() == 80) | |
| 702 url.setPort(443); | |
| 703 resourceRequest.setURL(url); | |
| 704 } | |
| 705 } | |
| 706 } | 673 } |
| 707 | 674 |
| 708 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) | 675 void FrameFetchContext::addClientHintsIfNecessary(FetchRequest& fetchRequest) |
| 709 { | 676 { |
| 710 if (!RuntimeEnabledFeatures::clientHintsEnabled() || !m_document) | 677 if (!RuntimeEnabledFeatures::clientHintsEnabled() || !m_document) |
| 711 return; | 678 return; |
| 712 | 679 |
| 713 bool shouldSendDPR = m_document->clientHintsPreferences().shouldSendDPR() ||
fetchRequest.clientHintsPreferences().shouldSendDPR(); | 680 bool shouldSendDPR = m_document->clientHintsPreferences().shouldSendDPR() ||
fetchRequest.clientHintsPreferences().shouldSendDPR(); |
| 714 bool shouldSendResourceWidth = m_document->clientHintsPreferences().shouldSe
ndResourceWidth() || fetchRequest.clientHintsPreferences().shouldSendResourceWid
th(); | 681 bool shouldSendResourceWidth = m_document->clientHintsPreferences().shouldSe
ndResourceWidth() || fetchRequest.clientHintsPreferences().shouldSendResourceWid
th(); |
| 715 bool shouldSendViewportWidth = m_document->clientHintsPreferences().shouldSe
ndViewportWidth() || fetchRequest.clientHintsPreferences().shouldSendViewportWid
th(); | 682 bool shouldSendViewportWidth = m_document->clientHintsPreferences().shouldSe
ndViewportWidth() || fetchRequest.clientHintsPreferences().shouldSendViewportWid
th(); |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 831 } | 798 } |
| 832 | 799 |
| 833 DEFINE_TRACE(FrameFetchContext) | 800 DEFINE_TRACE(FrameFetchContext) |
| 834 { | 801 { |
| 835 visitor->trace(m_document); | 802 visitor->trace(m_document); |
| 836 visitor->trace(m_documentLoader); | 803 visitor->trace(m_documentLoader); |
| 837 FetchContext::trace(visitor); | 804 FetchContext::trace(visitor); |
| 838 } | 805 } |
| 839 | 806 |
| 840 } // namespace blink | 807 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2284683002:
PlzNavigate: support upgrade-insecure-navigation. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master