Chromium Code Reviews Chromium Code Reviews
Issue 2546213003:
Implement net/ support for Android's NetworkSecurityPolicy (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base_switches.h" | 9 #include "base/base_switches.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 61 #include "net/url_request/http_user_agent_settings.h" | 61 #include "net/url_request/http_user_agent_settings.h" |
| 62 #include "net/url_request/url_request.h" | 62 #include "net/url_request/url_request.h" |
| 63 #include "net/url_request/url_request_context.h" | 63 #include "net/url_request/url_request_context.h" |
| 64 #include "net/url_request/url_request_error_job.h" | 64 #include "net/url_request/url_request_error_job.h" |
| 65 #include "net/url_request/url_request_job_factory.h" | 65 #include "net/url_request/url_request_job_factory.h" |
| 66 #include "net/url_request/url_request_redirect_job.h" | 66 #include "net/url_request/url_request_redirect_job.h" |
| 67 #include "net/url_request/url_request_throttler_manager.h" | 67 #include "net/url_request/url_request_throttler_manager.h" |
| 68 #include "net/websockets/websocket_handshake_stream_base.h" | 68 #include "net/websockets/websocket_handshake_stream_base.h" |
| 69 #include "url/origin.h" | 69 #include "url/origin.h" |
| 70 | 70 |
| 71 #if defined(OS_ANDROID) | |
| 72 #include "net/android/network_library.h" | |
| 73 #endif | |
| 74 | |
| 71 static const char kAvailDictionaryHeader[] = "Avail-Dictionary"; | 75 static const char kAvailDictionaryHeader[] = "Avail-Dictionary"; |
| 72 | 76 |
| 73 namespace { | 77 namespace { |
| 74 | 78 |
| 75 const char kDeflate[] = "deflate"; | 79 const char kDeflate[] = "deflate"; |
| 76 const char kGZip[] = "gzip"; | 80 const char kGZip[] = "gzip"; |
| 77 const char kSdch[] = "sdch"; | 81 const char kSdch[] = "sdch"; |
| 78 const char kXGZip[] = "x-gzip"; | 82 const char kXGZip[] = "x-gzip"; |
| 79 const char kBrotli[] = "br"; | 83 const char kBrotli[] = "br"; |
| 80 | 84 |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 162 params->channel_id_service->GetUniqueID()) { | 166 params->channel_id_service->GetUniqueID()) { |
| 163 ephemerality = PERSISTENT_MATCH; | 167 ephemerality = PERSISTENT_MATCH; |
| 164 } else { | 168 } else { |
| 165 NOTREACHED(); | 169 NOTREACHED(); |
| 166 ephemerality = PERSISTENT_MISMATCH; | 170 ephemerality = PERSISTENT_MISMATCH; |
| 167 } | 171 } |
| 168 UMA_HISTOGRAM_ENUMERATION("Net.TokenBinding.StoreEphemerality", ephemerality, | 172 UMA_HISTOGRAM_ENUMERATION("Net.TokenBinding.StoreEphemerality", ephemerality, |
| 169 EPHEMERALITY_MAX); | 173 EPHEMERALITY_MAX); |
| 170 } | 174 } |
| 171 | 175 |
| 172 net::URLRequestRedirectJob* MaybeInternallyRedirect( | |
| 173 net::URLRequest* request, | |
| 174 net::NetworkDelegate* network_delegate) { | |
| 175 const GURL& url = request->url(); | |
| 176 if (url.SchemeIsCryptographic()) | |
| 177 return nullptr; | |
| 178 | |
| 179 net::TransportSecurityState* hsts = | |
| 180 request->context()->transport_security_state(); | |
| 181 if (!hsts || !hsts->ShouldUpgradeToSSL(url.host())) | |
| 182 return nullptr; | |
| 183 | |
| 184 GURL::Replacements replacements; | |
| 185 replacements.SetSchemeStr(url.SchemeIs(url::kHttpScheme) ? url::kHttpsScheme | |
| 186 : url::kWssScheme); | |
| 187 return new net::URLRequestRedirectJob( | |
| 188 request, network_delegate, url.ReplaceComponents(replacements), | |
| 189 // Use status code 307 to preserve the method, so POST requests work. | |
| 190 net::URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, "HSTS"); | |
| 191 } | |
| 192 | |
| 193 } // namespace | 176 } // namespace |
| 194 | 177 |
| 195 namespace net { | 178 namespace net { |
| 196 | 179 |
| 197 // TODO(darin): make sure the port blocking code is not lost | 180 // TODO(darin): make sure the port blocking code is not lost |
| 198 // static | 181 // static |
| 199 URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request, | 182 URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request, |
| 200 NetworkDelegate* network_delegate, | 183 NetworkDelegate* network_delegate, |
| 201 const std::string& scheme) { | 184 const std::string& scheme) { |
| 202 DCHECK(scheme == "http" || scheme == "https" || scheme == "ws" || | 185 DCHECK(scheme == "http" || scheme == "https" || scheme == "ws" || |
| 203 scheme == "wss"); | 186 scheme == "wss"); |
| 204 | 187 |
| 205 if (!request->context()->http_transaction_factory()) { | 188 if (!request->context()->http_transaction_factory()) { |
| 206 NOTREACHED() << "requires a valid context"; | 189 NOTREACHED() << "requires a valid context"; |
| 207 return new URLRequestErrorJob( | 190 return new URLRequestErrorJob( |
| 208 request, network_delegate, ERR_INVALID_ARGUMENT); | 191 request, network_delegate, ERR_INVALID_ARGUMENT); |
| 209 } | 192 } |
| 210 | 193 |
| 211 URLRequestRedirectJob* redirect = | 194 const GURL& url = request->url(); |
| 212 MaybeInternallyRedirect(request, network_delegate); | 195 |
| 213 if (redirect) | 196 // Check for reasons not to return a URLRequestHttpJob. These don't apply to |
| 214 return redirect; | 197 // https and wss requests. |
| 198 if (!url.SchemeIsCryptographic()) { | |
| 199 // Check for HSTS upgrade. | |
| 200 TransportSecurityState* hsts = | |
| 201 request->context()->transport_security_state(); | |
| 202 if (hsts && hsts->ShouldUpgradeToSSL(url.host())) { | |
| 203 GURL::Replacements replacements; | |
| 204 replacements.SetSchemeStr( | |
| 205 url.SchemeIs(url::kHttpScheme) ? url::kHttpsScheme : url::kWssScheme); | |
| 206 return new URLRequestRedirectJob( | |
| 207 request, network_delegate, url.ReplaceComponents(replacements), | |
| 208 // Use status code 307 to preserve the method, so POST requests work. | |
| 209 URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, "HSTS"); | |
| 210 } | |
| 211 | |
| 212 #if defined(OS_ANDROID) | |
| 213 // Check whether the app allows cleartext traffic to this host, and return | |
| 214 // ERR_BLOCKED_BY_CLIENT if not. | |
|
mef
2016/12/14 23:26:44
nit: ERR_CLEARTEXT_NOT_PERMITTED, not ERR_BLOCKED_
mgersh
2016/12/15 15:12:37
Oh, oops. Making a new CL to fix that.
| |
| 215 if (request->context()->check_cleartext_permitted() && | |
| 216 !android::IsCleartextPermitted(url.host())) { | |
| 217 return new URLRequestErrorJob(request, network_delegate, | |
| 218 ERR_CLEARTEXT_NOT_PERMITTED); | |
| 219 } | |
| 220 #endif | |
| 221 } | |
| 215 | 222 |
| 216 return new URLRequestHttpJob(request, | 223 return new URLRequestHttpJob(request, |
| 217 network_delegate, | 224 network_delegate, |
| 218 request->context()->http_user_agent_settings()); | 225 request->context()->http_user_agent_settings()); |
| 219 } | 226 } |
| 220 | 227 |
| 221 URLRequestHttpJob::URLRequestHttpJob( | 228 URLRequestHttpJob::URLRequestHttpJob( |
| 222 URLRequest* request, | 229 URLRequest* request, |
| 223 NetworkDelegate* network_delegate, | 230 NetworkDelegate* network_delegate, |
| 224 const HttpUserAgentSettings* http_user_agent_settings) | 231 const HttpUserAgentSettings* http_user_agent_settings) |
| (...skipping 1322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1547 awaiting_callback_ = false; | 1554 awaiting_callback_ = false; |
| 1548 | 1555 |
| 1549 // Notify NetworkQualityEstimator. | 1556 // Notify NetworkQualityEstimator. |
| 1550 NetworkQualityEstimator* network_quality_estimator = | 1557 NetworkQualityEstimator* network_quality_estimator = |
| 1551 request()->context()->network_quality_estimator(); | 1558 request()->context()->network_quality_estimator(); |
| 1552 if (network_quality_estimator) | 1559 if (network_quality_estimator) |
| 1553 network_quality_estimator->NotifyURLRequestDestroyed(*request()); | 1560 network_quality_estimator->NotifyURLRequestDestroyed(*request()); |
| 1554 } | 1561 } |
| 1555 | 1562 |
| 1556 } // namespace net | 1563 } // namespace net |
| OLD | NEW |
