| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
| 3 * reserved. | 3 * reserved. |
| 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
| 6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
| 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
| 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
| 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
| 10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 58 #include "core/frame/csp/ContentSecurityPolicy.h" | 58 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 59 #include "core/html/HTMLFormElement.h" | 59 #include "core/html/HTMLFormElement.h" |
| 60 #include "core/html/HTMLFrameOwnerElement.h" | 60 #include "core/html/HTMLFrameOwnerElement.h" |
| 61 #include "core/input/EventHandler.h" | 61 #include "core/input/EventHandler.h" |
| 62 #include "core/inspector/ConsoleMessage.h" | 62 #include "core/inspector/ConsoleMessage.h" |
| 63 #include "core/loader/DocumentLoadTiming.h" | 63 #include "core/loader/DocumentLoadTiming.h" |
| 64 #include "core/loader/DocumentLoader.h" | 64 #include "core/loader/DocumentLoader.h" |
| 65 #include "core/loader/FormSubmission.h" | 65 #include "core/loader/FormSubmission.h" |
| 66 #include "core/loader/FrameLoadRequest.h" | 66 #include "core/loader/FrameLoadRequest.h" |
| 67 #include "core/loader/LinkLoader.h" | 67 #include "core/loader/LinkLoader.h" |
| 68 #include "core/loader/MixedContentChecker.h" | |
| 69 #include "core/loader/NavigationScheduler.h" | 68 #include "core/loader/NavigationScheduler.h" |
| 70 #include "core/loader/NetworkHintsInterface.h" | 69 #include "core/loader/NetworkHintsInterface.h" |
| 71 #include "core/loader/ProgressTracker.h" | 70 #include "core/loader/ProgressTracker.h" |
| 72 #include "core/loader/appcache/ApplicationCacheHost.h" | 71 #include "core/loader/appcache/ApplicationCacheHost.h" |
| 73 #include "core/page/ChromeClient.h" | 72 #include "core/page/ChromeClient.h" |
| 74 #include "core/page/CreateWindow.h" | 73 #include "core/page/CreateWindow.h" |
| 75 #include "core/page/FrameTree.h" | 74 #include "core/page/FrameTree.h" |
| 76 #include "core/page/Page.h" | 75 #include "core/page/Page.h" |
| 77 #include "core/page/WindowFeatures.h" | 76 #include "core/page/WindowFeatures.h" |
| 78 #include "core/page/scrolling/ScrollingCoordinator.h" | 77 #include "core/page/scrolling/ScrollingCoordinator.h" |
| (...skipping 1271 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1350 Document::kNoDismissal) { | 1349 Document::kNoDismissal) { |
| 1351 return kNavigationPolicyIgnore; | 1350 return kNavigationPolicyIgnore; |
| 1352 } | 1351 } |
| 1353 | 1352 |
| 1354 // Record the latest requiredCSP value that will be used when sending this | 1353 // Record the latest requiredCSP value that will be used when sending this |
| 1355 // request. | 1354 // request. |
| 1356 ResourceRequest& resource_request = frame_load_request.GetResourceRequest(); | 1355 ResourceRequest& resource_request = frame_load_request.GetResourceRequest(); |
| 1357 RecordLatestRequiredCSP(); | 1356 RecordLatestRequiredCSP(); |
| 1358 // Before modifying the request, check report-only CSP headers to give the | 1357 // Before modifying the request, check report-only CSP headers to give the |
| 1359 // site owner a chance to learn about requests that need to be modified. | 1358 // site owner a chance to learn about requests that need to be modified. |
| 1360 // | |
| 1361 // TODO(estark): this doesn't work with --enable-browser-side-navigation, | |
| 1362 // wherein 'frame-src' is checked in the browser process. Figure out what to | |
| 1363 // do; maybe with browser-side navigation the upgrade should be happening in | |
| 1364 // the browser process too. See also https://crbug.com/692595 | |
| 1365 Settings* settings = frame_->GetSettings(); | 1359 Settings* settings = frame_->GetSettings(); |
| 1366 MaybeCheckCSP( | 1360 MaybeCheckCSP( |
| 1367 resource_request, navigation_type, frame_, navigation_policy, | 1361 resource_request, navigation_type, frame_, navigation_policy, |
| 1368 frame_load_request.ShouldCheckMainWorldContentSecurityPolicy() == | 1362 frame_load_request.ShouldCheckMainWorldContentSecurityPolicy() == |
| 1369 kCheckContentSecurityPolicy, | 1363 kCheckContentSecurityPolicy, |
| 1370 settings && settings->GetBrowserSideNavigationEnabled(), | 1364 settings && settings->GetBrowserSideNavigationEnabled(), |
| 1371 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); | 1365 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); |
| 1372 ModifyRequestForCSP(resource_request, nullptr); | 1366 ModifyRequestForCSP(resource_request, nullptr); |
| 1373 | 1367 |
| 1374 return ShouldContinueForNavigationPolicy( | 1368 return ShouldContinueForNavigationPolicy( |
| (...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1593 // Early return if the request has already been upgraded. | 1587 // Early return if the request has already been upgraded. |
| 1594 if (!resource_request.HttpHeaderField(HTTPNames::Upgrade_Insecure_Requests) | 1588 if (!resource_request.HttpHeaderField(HTTPNames::Upgrade_Insecure_Requests) |
| 1595 .IsNull()) { | 1589 .IsNull()) { |
| 1596 return; | 1590 return; |
| 1597 } | 1591 } |
| 1598 | 1592 |
| 1599 resource_request.SetHTTPHeaderField(HTTPNames::Upgrade_Insecure_Requests, | 1593 resource_request.SetHTTPHeaderField(HTTPNames::Upgrade_Insecure_Requests, |
| 1600 "1"); | 1594 "1"); |
| 1601 } | 1595 } |
| 1602 | 1596 |
| 1597 // PlzNavigate: Upgrading subframe requests is handled by the browser process. |
| 1598 Settings* settings = frame_->GetSettings(); |
| 1599 if (resource_request.GetFrameType() == WebURLRequest::kFrameTypeNested && |
| 1600 settings && settings->GetBrowserSideNavigationEnabled()) { |
| 1601 return; |
| 1602 } |
| 1603 UpgradeInsecureRequest(resource_request, document); | 1603 UpgradeInsecureRequest(resource_request, document); |
| 1604 } | 1604 } |
| 1605 | 1605 |
| 1606 void FrameLoader::UpgradeInsecureRequest(ResourceRequest& resource_request, | 1606 void FrameLoader::UpgradeInsecureRequest(ResourceRequest& resource_request, |
| 1607 Document* document) const { | 1607 Document* document) const { |
| 1608 KURL url = resource_request.Url(); | 1608 KURL url = resource_request.Url(); |
| 1609 | 1609 |
| 1610 // If we don't yet have an |m_document| (because we're loading an iframe, for | 1610 // If we don't yet have an |m_document| (because we're loading an iframe, for |
| 1611 // instance), check the FrameLoader's policy. | 1611 // instance), check the FrameLoader's policy. |
| 1612 WebInsecureRequestPolicy relevant_policy = | 1612 WebInsecureRequestPolicy relevant_policy = |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1688 // TODO(japhet): This is needed because the browser process DCHECKs if the | 1688 // TODO(japhet): This is needed because the browser process DCHECKs if the |
| 1689 // first entry we commit in a new frame has replacement set. It's unclear | 1689 // first entry we commit in a new frame has replacement set. It's unclear |
| 1690 // whether the DCHECK is right, investigate removing this special case. | 1690 // whether the DCHECK is right, investigate removing this special case. |
| 1691 bool replace_current_item = load_type == kFrameLoadTypeReplaceCurrentItem && | 1691 bool replace_current_item = load_type == kFrameLoadTypeReplaceCurrentItem && |
| 1692 (!Opener() || !request.Url().IsEmpty()); | 1692 (!Opener() || !request.Url().IsEmpty()); |
| 1693 loader->SetReplacesCurrentHistoryItem(replace_current_item); | 1693 loader->SetReplacesCurrentHistoryItem(replace_current_item); |
| 1694 return loader; | 1694 return loader; |
| 1695 } | 1695 } |
| 1696 | 1696 |
| 1697 } // namespace blink | 1697 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2910573002:
Implement upgrade-insecure-requests in browser for frame requests (Closed)
