Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(252)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/frame_host/form_submission_throttle.cc

Issue 2910573002: Implement upgrade-insecure-requests in browser for frame requests (Closed)
Patch Set: rebase Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/browser/frame_host/mixed_content_navigation_throttle.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/frame_host/form_submission_throttle.h" 5 #include "content/browser/frame_host/form_submission_throttle.h"
6 #include "content/browser/frame_host/navigation_handle_impl.h" 6 #include "content/browser/frame_host/navigation_handle_impl.h"
7 #include "content/public/browser/browser_thread.h" 7 #include "content/public/browser/browser_thread.h"
8 #include "content/public/browser/navigation_handle.h" 8 #include "content/public/browser/navigation_handle.h"
9 #include "content/public/browser/navigation_throttle.h" 9 #include "content/public/browser/navigation_throttle.h"
10 #include "content/public/common/browser_side_navigation_policy.h" 10 #include "content/public/common/browser_side_navigation_policy.h"
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
53 NavigationHandleImpl* handle = 53 NavigationHandleImpl* handle =
54 static_cast<NavigationHandleImpl*>(navigation_handle()); 54 static_cast<NavigationHandleImpl*>(navigation_handle());
55 55
56 if (handle->should_check_main_world_csp() == CSPDisposition::DO_NOT_CHECK) 56 if (handle->should_check_main_world_csp() == CSPDisposition::DO_NOT_CHECK)
57 return NavigationThrottle::PROCEED; 57 return NavigationThrottle::PROCEED;
58 58
59 const GURL& url = handle->GetURL(); 59 const GURL& url = handle->GetURL();
60 RenderFrameHostImpl* render_frame = 60 RenderFrameHostImpl* render_frame =
61 handle->frame_tree_node()->current_frame_host(); 61 handle->frame_tree_node()->current_frame_host();
62 62
63 // TODO(estark): Move this check into NavigationRequest and split it into (1)
64 // check report-only CSP, (2) upgrade request if needed, (3) check enforced
65 // CSP to match how frame-src works. https://crbug.com/713388
63 if (render_frame->IsAllowedByCsp(CSPDirective::FormAction, url, is_redirect, 66 if (render_frame->IsAllowedByCsp(CSPDirective::FormAction, url, is_redirect,
64 handle->source_location())) { 67 handle->source_location(),
68 CSPContext::CHECK_ALL_CSP)) {
65 return NavigationThrottle::PROCEED; 69 return NavigationThrottle::PROCEED;
66 } 70 }
67 71
68 return NavigationThrottle::CANCEL; 72 return NavigationThrottle::CANCEL;
69 } 73 }
70 74
71 } // namespace content 75 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | content/browser/frame_host/mixed_content_navigation_throttle.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698