| Index: content/browser/frame_host/navigation_request.cc
|
| diff --git a/content/browser/frame_host/navigation_request.cc b/content/browser/frame_host/navigation_request.cc
|
| index ddbc83136f8991d8655256ef4630aaa3bf83e05c..09ae99b5dcae272a1f5f79e74aed57f8bc7480ae 100644
|
| --- a/content/browser/frame_host/navigation_request.cc
|
| +++ b/content/browser/frame_host/navigation_request.cc
|
| @@ -222,7 +222,8 @@ NavigationRequest::NavigationRequest(
|
| restore_type_(RestoreType::NONE),
|
| is_view_source_(false),
|
| bindings_(NavigationEntryImpl::kInvalidBindings),
|
| - associated_site_instance_type_(AssociatedSiteInstanceType::NONE) {
|
| + associated_site_instance_type_(AssociatedSiteInstanceType::NONE),
|
| + insecure_request_policy(blink::kLeaveInsecureRequestsAlone) {
|
| DCHECK(!browser_initiated || (entry != nullptr && frame_entry != nullptr));
|
| if (browser_initiated) {
|
| FrameNavigationEntry* frame_entry = entry->GetFrameEntry(frame_tree_node);
|
| @@ -241,6 +242,9 @@ NavigationRequest::NavigationRequest(
|
| frame_tree_node->current_frame_host()->GetSiteInstance();
|
| }
|
|
|
| + // Maybe upgrade the request to https.
|
| + upgradeInsecureRequest();
|
| +
|
| // Update the load flags with cache information.
|
| UpdateLoadFlagsWithCacheFlags(&begin_params_.load_flags,
|
| common_params_.navigation_type,
|
| @@ -252,6 +256,7 @@ NavigationRequest::NavigationRequest(
|
| AddAdditionalRequestHeaders(
|
| &headers, common_params_.url, common_params_.navigation_type,
|
| frame_tree_node_->navigator()->GetController()->GetBrowserContext());
|
| + headers.AddHeaderFromString("Upgrade-Insecure-Requests: 1");
|
| begin_params_.headers = headers.ToString();
|
| }
|
|
|
| @@ -530,7 +535,8 @@ void NavigationRequest::OnStartChecksComplete(
|
| frame_tree_node_->current_origin(), frame_tree_node_->IsMainFrame(),
|
| parent_is_main_frame, IsSecureFrame(frame_tree_node_->parent()),
|
| frame_tree_node_->frame_tree_node_id(), is_for_guests_only,
|
| - report_raw_headers),
|
| + report_raw_headers,
|
| + insecure_request_policy),
|
| std::move(navigation_ui_data),
|
| navigation_handle_->service_worker_handle(), this);
|
| }
|
| @@ -594,4 +600,28 @@ void NavigationRequest::CommitNavigation() {
|
| frame_tree_node_->ResetNavigationRequest(true);
|
| }
|
|
|
| +void NavigationRequest::upgradeInsecureRequest() {
|
| + // Retrieve insecure policy from parent frame.
|
| + // Top frame navigation requests are not upgraded.
|
| + // TODO(arthursonzogni) the insecureNavigationSet should be use for top frame
|
| + // navigation.
|
| + if (frame_tree_node_->parent()) {
|
| + insecure_request_policy =
|
| + frame_tree_node_->parent()->GetInsecureRequestPolicy();
|
| + } else {
|
| + insecure_request_policy = blink::kLeaveInsecureRequestsAlone;
|
| + }
|
| +
|
| + if (insecure_request_policy & blink::kUpgradeInsecureRequests &&
|
| + common_params_.url.SchemeIs("http")) {
|
| + // TODO(arthursonzogni) The render-side version of this function uses a
|
| + // counter to make usage statistics. This should be done here too.
|
| + GURL::Replacements replacement;
|
| + replacement.SetSchemeStr("https");
|
| + if (common_params_.url.port() == "80")
|
| + replacement.SetPortStr("443");
|
| + common_params_.url = common_params_.url.ReplaceComponents(replacement);
|
| + }
|
| +}
|
| +
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 2445993006:
[WIP] Upgrade-insecure-request: upgrade insecurely-redirected requests.
