
Side by Side Diff: trunk/src/net/url_request/url_request_http_job.cc

Issue 24251011: Revert 224269 "Don't persist HPKP if PrivacyMode is enabled." (Closed) Base URL: svn://svn.chromium.org/chrome/
Patch Set: Created 7 years, 3 months ago
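--- a/trunk/src/net/url_request/url_request_http_job.cc
+++ b/trunk/src/net/url_request/url_request_http_job.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
@@ -788,58 +788,43 @@
   TransportSecurityState* security_state =
       request_->context()->transport_security_state();
   const SSLInfo& ssl_info = response_info_->ssl_info;
 
   // Only accept HSTS headers on HTTPS connections that have no
   // certificate errors.
   if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
       !security_state)
     return;
 
-  CookieOptions options;
-  options.set_include_httponly();
-  options.set_server_time(response_date_);
-  // Don't persist HSTS if cookies are not saved to avoid tracking.
-  if ((request_info_.load_flags & LOAD_DO_NOT_SAVE_COOKIES) ||
-      !CanSetCookie("", &options))
-    return;
   // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:
   //
   // If a UA receives more than one STS header field in a HTTP response
   // message over secure transport, then the UA MUST process only the
   // first such header field.
   HttpResponseHeaders* headers = GetResponseHeaders();
   std::string value;
   if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value))
     security_state->AddHSTSHeader(request_info_.url.host(), value);
 }
 
 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
   DCHECK(response_info_);
   TransportSecurityState* security_state =
       request_->context()->transport_security_state();
   const SSLInfo& ssl_info = response_info_->ssl_info;
 
   // Only accept HPKP headers on HTTPS connections that have no
   // certificate errors.
   if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
       !security_state)
     return;
 
-  CookieOptions options;
-  options.set_include_httponly();
-  options.set_server_time(response_date_);
-  // Don't persist HPKP if cookies are not saved to avoid tracking.
-  if ((request_info_.load_flags & LOAD_DO_NOT_SAVE_COOKIES) ||
-      !CanSetCookie("", &options))
-    return;
-
   // http://tools.ietf.org/html/draft-ietf-websec-key-pinning:
   //
   // If a UA receives more than one PKP header field in an HTTP
   // response message over secure transport, then the UA MUST process
   // only the first such header field.
   HttpResponseHeaders* headers = GetResponseHeaders();
   std::string value;
   if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value))
     security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info);
 }
@@ -902,30 +887,25 @@
         return;
       }
     }
 
     SaveCookiesAndNotifyHeadersComplete(net::OK);
   } else if (IsCertificateError(result)) {
     // We encountered an SSL certificate error. Ask our delegate to decide
     // what we should do.
 
     TransportSecurityState::DomainState domain_state;
-    bool allow_dynamic_state =
-        !(request_info_.load_flags & LOAD_DO_NOT_SEND_COOKIES) &&
-        CanGetCookies(CookieList());
     const URLRequestContext* context = request_->context();
-    const bool fatal =
-        context->transport_security_state() &&
+    const bool fatal = context->transport_security_state() &&
         context->transport_security_state()->GetDomainState(
             request_info_.url.host(),
             SSLConfigService::IsSNIAvailable(context->ssl_config_service()),
-            allow_dynamic_state,
             &domain_state) &&
         domain_state.ShouldSSLErrorsBeFatal();
     NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info, fatal);
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
     NotifyCertificateRequested(
         transaction_->GetResponseInfo()->cert_request_info.get());
   } else {
     NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result));
   }
 }
@@ -1524,10 +1504,10 @@
 
 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
   awaiting_callback_ = false;
 }
 
 void URLRequestHttpJob::OnDetachRequest() {
   http_transaction_delegate_->OnDetachRequest();
 }
 
 }  // namespace net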
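Review bot: On the new side, ProcessStrictTransportSecurityHeader and ProcessPublicKeyPinsHeader once again persist HSTS and HPKP state for responses on which cookies would not be saved, which is exactly the cross-site tracking concern the reverted guard (LOAD_DO_NOT_SAVE_COOKIES / CanSetCookie) was introduced for, and neither the description nor the code says why the guard is coming out or whether a re-land is planned. If this is a revert for breakage rather than a design reversal, a comment at each of the two certificate-error `return;` guards such as `// TODO(<owner>): re-land the cookie-policy check from r224269 (reverted in issue 24251011) so HSTS/HPKP state is not persisted when cookies are not saved.` keeps the privacy intent visible to the next reader. The same applies to the certificate-error branch in the third hunk, where the allow_dynamic_state argument to GetDomainState is dropped so dynamic (header-learned) state is again consulted regardless of cookie policy; that branch's enclosing function starts outside this section.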