
Side by Side Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2284683002: PlzNavigate: support upgrade-insecure-navigation. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Adressed comments (Nate) Created 4 years, 3 months ago
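--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
 * Copyright (C) 2011 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -1417,49 +1417,49 @@
 void FrameLoader::startLoad(FrameLoadRequest& frameLoadRequest, FrameLoadType ty pe, NavigationPolicy navigationPolicy)
 {
 ASSERT(client()->hasWebView());
 if (m_frame->document()->pageDismissalEventBeingDispatched() != Document::No Dismissal)
 return;
 
 NavigationType navigationType = determineNavigationType(type, frameLoadReque st.resourceRequest().httpBody() || frameLoadRequest.form(), frameLoadRequest.tri ggeringEvent());
 frameLoadRequest.resourceRequest().setRequestContext(determineRequestContext FromNavigationType(navigationType));
 frameLoadRequest.resourceRequest().setFrameType(m_frame->isMainFrame() ? Web URLRequest::FrameTypeTopLevel : WebURLRequest::FrameTypeNested);
 ResourceRequest& request = frameLoadRequest.resourceRequest();
+upgradeInsecureRequest(request, nullptr);
 if (!shouldContinueForNavigationPolicy(request, frameLoadRequest.substituteD ata(), nullptr, frameLoadRequest.shouldCheckMainWorldContentSecurityPolicy(), na vigationType, navigationPolicy, type == FrameLoadTypeReplaceCurrentItem, frameLo adRequest.clientRedirect() == ClientRedirectPolicy::ClientRedirect))
 return;
 
 m_frame->document()->cancelParsing();
 detachDocumentLoader(m_provisionalDocumentLoader);
 
 // beforeunload fired above, and detaching a DocumentLoader can fire
 // events, which can detach this frame.
 if (!m_frame->host())
 return;
 
 m_provisionalDocumentLoader = client()->createDocumentLoader(m_frame, reques t, frameLoadRequest.substituteData().isValid() ? frameLoadRequest.substituteData () : defaultSubstituteDataForURL(request.url()));
 m_provisionalDocumentLoader->setNavigationType(navigationType);
 m_provisionalDocumentLoader->setReplacesCurrentHistoryItem(type == FrameLoad TypeReplaceCurrentItem);
 m_provisionalDocumentLoader->setIsClientRedirect(frameLoadRequest.clientRedi rect() == ClientRedirectPolicy::ClientRedirect);
 
 m_frame->navigationScheduler().cancel();
 m_checkTimer.stop();
 
 m_loadType = type;
 
 if (frameLoadRequest.form())
 client()->dispatchWillSubmitForm(frameLoadRequest.form());
 
 m_progressTracker->progressStarted();
 if (m_provisionalDocumentLoader->isClientRedirect())
 m_provisionalDocumentLoader->appendRedirect(m_frame->document()->url());
 m_provisionalDocumentLoader->appendRedirect(m_provisionalDocumentLoader->req uest().url());
-m_provisionalDocumentLoader->upgradeInsecureRequest();
 double triggeringEventTime = frameLoadRequest.triggeringEvent() ? frameLoadR equest.triggeringEvent()->platformTimeStamp() : 0;
 client()->dispatchDidStartProvisionalLoad(triggeringEventTime);
 ASSERT(m_provisionalDocumentLoader);
 m_provisionalDocumentLoader->startLoadingMainResource();
 
 takeObjectSnapshot();
 }
 
 void FrameLoader::applyUserAgent(ResourceRequest& request)
 {
@@ -1600,29 +1600,68 @@
 
 // FIXME: We need a way to propagate insecure requests policy flags to
 // out-of-process frames. For now, we'll always use default behavior.
 if (!parentFrame->isLocalFrame())
 return nullptr;
 
 ASSERT(toLocalFrame(parentFrame)->document());
 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ;
 }
 
+void FrameLoader::upgradeInsecureRequest(ResourceRequest& resourceRequest, Docum ent* document) const
+{
+// Tack an 'Upgrade-Insecure-Requests' header to outgoing navigational reque sts, as described in
+// https://w3c.github.io/webappsec/specs/upgrade/#feature-detect
+if (resourceRequest.frameType() != WebURLRequest::FrameTypeNone) {
+
+// Early return if the request has already been upgraded.
+if (resourceRequest.httpHeaderField("Upgrade-Insecure-Requests") == Atom icString("1"))
+return;
+
+resourceRequest.addHTTPHeaderField("Upgrade-Insecure-Requests", "1");
+}
+
+KURL url = resourceRequest.url();
+
+// If we don't yet have an |m_document| (because we're loading an iframe, fo r instance), check the FrameLoader's policy.
+WebInsecureRequestPolicy relevantPolicy = document ? document->getInsecureRe questPolicy() : getInsecureRequestPolicy();
+SecurityContext::InsecureNavigationsSet* relevantNavigationSet = document ? document->insecureNavigationsToUpgrade() : insecureNavigationsToUpgrade();
+
+if (url.protocolIs("http") && relevantPolicy & kUpgradeInsecureRequests) {
+// We always upgrade requests that meet any of the following criteria:
+//
+// 1. Are for subresources (including nested frames).
+// 2. Are form submissions.
+// 3. Whose hosts are contained in the document's InsecureNavigationSet.
+if (resourceRequest.frameType() == WebURLRequest::FrameTypeNone
+|| resourceRequest.frameType() == WebURLRequest::FrameTypeNested
+|| resourceRequest.requestContext() == WebURLRequest::RequestContext Form
+|| (!url.host().isNull() && relevantNavigationSet->contains(url.host ().impl()->hash()))) {
+UseCounter::count(document, UseCounter::UpgradeInsecureRequestsUpgra dedRequest);
+url.setProtocol("https");
+if (url.port() == 80)
+url.setPort(443);
+resourceRequest.setURL(url);
+}
+}
+}
+
+
 std::unique_ptr<TracedValue> FrameLoader::toTracedValue() const
 {
 std::unique_ptr<TracedValue> tracedValue = TracedValue::create();
 tracedValue->beginDictionary("frame");
 tracedValue->setString("id_ref", String::format("0x%" PRIx64, static_cast<ui nt64_t>(reinterpret_cast<uintptr_t>(m_frame.get()))));
 tracedValue->endDictionary();
 tracedValue->setBoolean("isLoadingMainFrame", isLoadingMainFrame());
 tracedValue->setString("stateMachine", m_stateMachine.toString());
 tracedValue->setString("provisionalDocumentLoaderURL", m_provisionalDocument Loader ? m_provisionalDocumentLoader->url() : String());
 tracedValue->setString("documentLoaderURL", m_documentLoader ? m_documentLoa der->url() : String());
 return tracedValue;
 }
 
 inline void FrameLoader::takeObjectSnapshot() const
 {
 TRACE_EVENT_OBJECT_SNAPSHOT_WITH_ID("loading", "FrameLoader", this, toTraced Value());
 }
 
 } // namespace blink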
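Review bot: The early return at new lines 1617-1618 of upgradeInsecureRequest() takes an existing `Upgrade-Insecure-Requests: 1` header as proof that the URL was already upgraded, but that header is only the feature-detect signal this function adds to every navigational request. A request that arrives already carrying it (whether any caller can pass one is not visible here) would skip the http-to-https rewrite the policy asks for. The rewrite is already idempotent through `url.protocolIs("http")`, so the check could guard only the add: `if (resourceRequest.httpHeaderField("Upgrade-Insecure-Requests") != AtomicString("1")) resourceRequest.addHTTPHeaderField("Upgrade-Insecure-Requests", "1");`. Separately, when `document` is null, as in the new startLoad() call, `relevantNavigationSet` comes from the loader's own accessor; the function ending at new line 1608, which appears to be that accessor, can return `nullptr`, so the `relevantNavigationSet->contains(...)` test at line 1638 looks like it wants a `relevantNavigationSet &&` guard. The comment at line 1625 also mentions `|m_document|`, which is not a name used in this function and should read `|document|`.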