[WIP] Upgrade-insecure-request: upgrade insecurely-redirected requests.

content/browser/frame_host/navigation_request.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/navigation_request.h"
 
 #include <utility>
 
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/devtools/render_frame_devtools_agent_host.h"
@@ skipping 204 matching lines @@
     const NavigationEntryImpl* entry)
     : frame_tree_node_(frame_tree_node),
       common_params_(common_params),
       begin_params_(begin_params),
       request_params_(request_params),
       browser_initiated_(browser_initiated),
       state_(NOT_STARTED),
       restore_type_(RestoreType::NONE),
       is_view_source_(false),
       bindings_(NavigationEntryImpl::kInvalidBindings),
-      associated_site_instance_type_(AssociatedSiteInstanceType::NONE) {
+      associated_site_instance_type_(AssociatedSiteInstanceType::NONE),
+      insecure_request_policy(blink::kLeaveInsecureRequestsAlone) {
   DCHECK(!browser_initiated || (entry != nullptr && frame_entry != nullptr));
   if (browser_initiated) {
     FrameNavigationEntry* frame_entry = entry->GetFrameEntry(frame_tree_node);
     if (frame_entry) {
       source_site_instance_ = frame_entry->source_site_instance();
       dest_site_instance_ = frame_entry->site_instance();
     }
 
     restore_type_ = entry->restore_type();
     is_view_source_ = entry->IsViewSourceMode();
     bindings_ = entry->bindings();
   } else {
     // This is needed to have about:blank and data URLs commit in the same
     // SiteInstance as the initiating renderer.
     source_site_instance_ =
         frame_tree_node->current_frame_host()->GetSiteInstance();
   }
 
+  // Maybe upgrade the request to https.
+  upgradeInsecureRequest();
+
   // Update the load flags with cache information.
   UpdateLoadFlagsWithCacheFlags(&begin_params_.load_flags,
                                 common_params_.navigation_type,
                                 common_params_.method == "POST");
 
   // Add necessary headers that may not be present in the BeginNavigationParams.
   net::HttpRequestHeaders headers;
   headers.AddHeadersFromString(begin_params_.headers);
   AddAdditionalRequestHeaders(
       &headers, common_params_.url, common_params_.navigation_type,
       frame_tree_node_->navigator()->GetController()->GetBrowserContext());
+  headers.AddHeaderFromString("Upgrade-Insecure-Requests: 1");
   begin_params_.headers = headers.ToString();
 }
 
 NavigationRequest::~NavigationRequest() {
 }
 
 void NavigationRequest::BeginNavigation() {
   DCHECK(!loader_);
   DCHECK(state_ == NOT_STARTED || state_ == WAITING_FOR_RENDERER_RESPONSE);
   state_ = STARTED;
@@ skipping 258 matching lines @@
   bool report_raw_headers =
       RenderFrameDevToolsAgentHost::IsNetworkHandlerEnabled(frame_tree_node_);
 
   loader_ = NavigationURLLoader::Create(
       frame_tree_node_->navigator()->GetController()->GetBrowserContext(),
       base::MakeUnique<NavigationRequestInfo>(
           common_params_, begin_params_, first_party_for_cookies,
           frame_tree_node_->current_origin(), frame_tree_node_->IsMainFrame(),
           parent_is_main_frame, IsSecureFrame(frame_tree_node_->parent()),
           frame_tree_node_->frame_tree_node_id(), is_for_guests_only,
-          report_raw_headers),
+          report_raw_headers,
+          insecure_request_policy),
       std::move(navigation_ui_data),
       navigation_handle_->service_worker_handle(), this);
 }
 
 void NavigationRequest::OnRedirectChecksComplete(
     NavigationThrottle::ThrottleCheckResult result) {
   CHECK(result != NavigationThrottle::DEFER);
 
   // Abort the request if needed. This will destroy the NavigationRequest.
   if (result == NavigationThrottle::CANCEL_AND_IGNORE ||
@@ skipping 43 matching lines @@
 
   DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture);
 
   render_frame_host->CommitNavigation(response_.get(), std::move(body_),
                                       common_params_, request_params_,
                                       is_view_source_);
 
   frame_tree_node_->ResetNavigationRequest(true);
 }
 
+void NavigationRequest::upgradeInsecureRequest() {
+  // Retrieve insecure policy from parent frame.
+  // Top frame navigation requests are not upgraded.
+  // TODO(arthursonzogni) the insecureNavigationSet should be use for top frame
+  // navigation.
+  if (frame_tree_node_->parent()) {
+    insecure_request_policy =
+        frame_tree_node_->parent()->GetInsecureRequestPolicy();
+  } else {
+    insecure_request_policy = blink::kLeaveInsecureRequestsAlone;
+  }
+
+  if (insecure_request_policy & blink::kUpgradeInsecureRequests &&
+      common_params_.url.SchemeIs("http")) {
+    // TODO(arthursonzogni) The render-side version of this function uses a
+    // counter to make usage statistics. This should be done here too.
+    GURL::Replacements replacement;
+    replacement.SetSchemeStr("https");
+    if (common_params_.url.port() == "80")
+      replacement.SetPortStr("443");
+    common_params_.url = common_params_.url.ReplaceComponents(replacement);
+  }
+}
+
 }  // namespace content