Chromium Code Reviews Chromium Code Reviews
Issue 2546213003:
Implement net/ support for Android's NetworkSecurityPolicy (Closed)
| Index: net/url_request/url_request_http_job.cc |
| diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc |
| index 5f2fd91d6cc266ec923c49e6dad4e3191c255d51..93e352c2105d343a87e6db15aed1ede51a08f6fd 100644 |
| --- a/net/url_request/url_request_http_job.cc |
| +++ b/net/url_request/url_request_http_job.cc |
| @@ -67,6 +67,10 @@ |
| #include "net/websockets/websocket_handshake_stream_base.h" |
| #include "url/origin.h" |
| +#if defined(OS_ANDROID) |
| +#include "net/android/network_library.h" |
| +#endif |
| + |
| static const char kAvailDictionaryHeader[] = "Avail-Dictionary"; |
| namespace { |
| @@ -168,27 +172,6 @@ void LogChannelIDAndCookieStores(const GURL& url, |
| EPHEMERALITY_MAX); |
| } |
| -net::URLRequestRedirectJob* MaybeInternallyRedirect( |
| - net::URLRequest* request, |
| - net::NetworkDelegate* network_delegate) { |
| - const GURL& url = request->url(); |
| - if (url.SchemeIsCryptographic()) |
| - return nullptr; |
| - |
| - net::TransportSecurityState* hsts = |
| - request->context()->transport_security_state(); |
| - if (!hsts || !hsts->ShouldUpgradeToSSL(url.host())) |
| - return nullptr; |
| - |
| - GURL::Replacements replacements; |
| - replacements.SetSchemeStr(url.SchemeIs(url::kHttpScheme) ? url::kHttpsScheme |
| - : url::kWssScheme); |
| - return new net::URLRequestRedirectJob( |
| - request, network_delegate, url.ReplaceComponents(replacements), |
| - // Use status code 307 to preserve the method, so POST requests work. |
| - net::URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, "HSTS"); |
| -} |
| - |
| } // namespace |
| namespace net { |
| @@ -207,10 +190,34 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request, |
| request, network_delegate, ERR_INVALID_ARGUMENT); |
| } |
| - URLRequestRedirectJob* redirect = |
| - MaybeInternallyRedirect(request, network_delegate); |
| - if (redirect) |
| - return redirect; |
| + const GURL& url = request->url(); |
| + |
| + // Check for reasons not to return a URLRequestHttpJob. These don't apply to |
| + // https and wss requests. |
| + if (!url.SchemeIsCryptographic()) { |
| + // Check for HSTS upgrade. |
| + net::TransportSecurityState* hsts = |
| + request->context()->transport_security_state(); |
| + if (hsts && hsts->ShouldUpgradeToSSL(url.host())) { |
| + GURL::Replacements replacements; |
| + replacements.SetSchemeStr( |
| + url.SchemeIs(url::kHttpScheme) ? url::kHttpsScheme : url::kWssScheme); |
| + return new net::URLRequestRedirectJob( |
| + request, network_delegate, url.ReplaceComponents(replacements), |
| + // Use status code 307 to preserve the method, so POST requests work. |
| + net::URLRequestRedirectJob::REDIRECT_307_TEMPORARY_REDIRECT, "HSTS"); |
| + } |
| + |
| +#if defined(OS_ANDROID) |
| + // Check whether the app allows cleartext traffic to this host, and return |
| + // ERR_BLOCKED_BY_CLIENT if not. |
| + if (request->context()->check_cleartext_permitted() && |
| + !net::android::IsCleartextPermitted(url.host())) { |
| + return new net::URLRequestErrorJob(request, network_delegate, |
| + net::ERR_BLOCKED_BY_CLIENT); |
|
mmenke
2016/12/13 19:04:56
May want to add another error code for this. ERR_
mgersh
2016/12/13 19:34:42
Done.
|
| + } |
| +#endif |
| + } |
| return new URLRequestHttpJob(request, |
| network_delegate, |
