| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
| 3 * reserved. | 3 * reserved. |
| 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
| 6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
| 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
| 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
| 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
| 10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 59 #include "core/frame/csp/ContentSecurityPolicy.h" | 59 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 60 #include "core/html/HTMLFormElement.h" | 60 #include "core/html/HTMLFormElement.h" |
| 61 #include "core/html/HTMLFrameOwnerElement.h" | 61 #include "core/html/HTMLFrameOwnerElement.h" |
| 62 #include "core/input/EventHandler.h" | 62 #include "core/input/EventHandler.h" |
| 63 #include "core/inspector/ConsoleMessage.h" | 63 #include "core/inspector/ConsoleMessage.h" |
| 64 #include "core/loader/DocumentLoadTiming.h" | 64 #include "core/loader/DocumentLoadTiming.h" |
| 65 #include "core/loader/DocumentLoader.h" | 65 #include "core/loader/DocumentLoader.h" |
| 66 #include "core/loader/FormSubmission.h" | 66 #include "core/loader/FormSubmission.h" |
| 67 #include "core/loader/FrameLoadRequest.h" | 67 #include "core/loader/FrameLoadRequest.h" |
| 68 #include "core/loader/LinkLoader.h" | 68 #include "core/loader/LinkLoader.h" |
| 69 #include "core/loader/MixedContentChecker.h" | |
| 70 #include "core/loader/NavigationScheduler.h" | 69 #include "core/loader/NavigationScheduler.h" |
| 71 #include "core/loader/NetworkHintsInterface.h" | 70 #include "core/loader/NetworkHintsInterface.h" |
| 72 #include "core/loader/ProgressTracker.h" | 71 #include "core/loader/ProgressTracker.h" |
| 73 #include "core/loader/appcache/ApplicationCacheHost.h" | 72 #include "core/loader/appcache/ApplicationCacheHost.h" |
| 74 #include "core/page/ChromeClient.h" | 73 #include "core/page/ChromeClient.h" |
| 75 #include "core/page/CreateWindow.h" | 74 #include "core/page/CreateWindow.h" |
| 76 #include "core/page/FrameTree.h" | 75 #include "core/page/FrameTree.h" |
| 77 #include "core/page/Page.h" | 76 #include "core/page/Page.h" |
| 78 #include "core/page/scrolling/ScrollingCoordinator.h" | 77 #include "core/page/scrolling/ScrollingCoordinator.h" |
| 79 #include "core/probe/CoreProbes.h" | 78 #include "core/probe/CoreProbes.h" |
| (...skipping 1265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1345 Document::kNoDismissal) { | 1344 Document::kNoDismissal) { |
| 1346 return kNavigationPolicyIgnore; | 1345 return kNavigationPolicyIgnore; |
| 1347 } | 1346 } |
| 1348 | 1347 |
| 1349 // Record the latest requiredCSP value that will be used when sending this | 1348 // Record the latest requiredCSP value that will be used when sending this |
| 1350 // request. | 1349 // request. |
| 1351 ResourceRequest& resource_request = frame_load_request.GetResourceRequest(); | 1350 ResourceRequest& resource_request = frame_load_request.GetResourceRequest(); |
| 1352 RecordLatestRequiredCSP(); | 1351 RecordLatestRequiredCSP(); |
| 1353 // Before modifying the request, check report-only CSP headers to give the | 1352 // Before modifying the request, check report-only CSP headers to give the |
| 1354 // site owner a chance to learn about requests that need to be modified. | 1353 // site owner a chance to learn about requests that need to be modified. |
| 1355 // | |
| 1356 // TODO(estark): this doesn't work with --enable-browser-side-navigation, | |
| 1357 // wherein 'frame-src' is checked in the browser process. Figure out what to | |
| 1358 // do; maybe with browser-side navigation the upgrade should be happening in | |
| 1359 // the browser process too. See also https://crbug.com/692595 | |
| 1360 Settings* settings = frame_->GetSettings(); | 1354 Settings* settings = frame_->GetSettings(); |
| 1361 MaybeCheckCSP( | 1355 MaybeCheckCSP( |
| 1362 resource_request, navigation_type, frame_, navigation_policy, | 1356 resource_request, navigation_type, frame_, navigation_policy, |
| 1363 frame_load_request.ShouldCheckMainWorldContentSecurityPolicy() == | 1357 frame_load_request.ShouldCheckMainWorldContentSecurityPolicy() == |
| 1364 kCheckContentSecurityPolicy, | 1358 kCheckContentSecurityPolicy, |
| 1365 settings && settings->GetBrowserSideNavigationEnabled(), | 1359 settings && settings->GetBrowserSideNavigationEnabled(), |
| 1366 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); | 1360 ContentSecurityPolicy::CheckHeaderType::kCheckReportOnly); |
| 1367 ModifyRequestForCSP(resource_request, nullptr); | 1361 ModifyRequestForCSP(resource_request, nullptr); |
| 1368 | 1362 |
| 1369 return ShouldContinueForNavigationPolicy( | 1363 return ShouldContinueForNavigationPolicy( |
| (...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1589 // Early return if the request has already been upgraded. | 1583 // Early return if the request has already been upgraded. |
| 1590 if (!resource_request.HttpHeaderField(HTTPNames::Upgrade_Insecure_Requests) | 1584 if (!resource_request.HttpHeaderField(HTTPNames::Upgrade_Insecure_Requests) |
| 1591 .IsNull()) { | 1585 .IsNull()) { |
| 1592 return; | 1586 return; |
| 1593 } | 1587 } |
| 1594 | 1588 |
| 1595 resource_request.SetHTTPHeaderField(HTTPNames::Upgrade_Insecure_Requests, | 1589 resource_request.SetHTTPHeaderField(HTTPNames::Upgrade_Insecure_Requests, |
| 1596 "1"); | 1590 "1"); |
| 1597 } | 1591 } |
| 1598 | 1592 |
| 1593 // PlzNavigate: Upgrading subframe requests is handled by the browser process. |
| 1594 Settings* settings = frame_->GetSettings(); |
| 1595 if (resource_request.GetFrameType() == WebURLRequest::kFrameTypeNested && |
| 1596 settings && settings->GetBrowserSideNavigationEnabled()) { |
| 1597 return; |
| 1598 } |
| 1599 UpgradeInsecureRequest(resource_request, document); | 1599 UpgradeInsecureRequest(resource_request, document); |
| 1600 } | 1600 } |
| 1601 | 1601 |
| 1602 void FrameLoader::UpgradeInsecureRequest(ResourceRequest& resource_request, | 1602 void FrameLoader::UpgradeInsecureRequest(ResourceRequest& resource_request, |
| 1603 Document* document) const { | 1603 Document* document) const { |
| 1604 KURL url = resource_request.Url(); | 1604 KURL url = resource_request.Url(); |
| 1605 | 1605 |
| 1606 // If we don't yet have an |m_document| (because we're loading an iframe, for | 1606 // If we don't yet have an |m_document| (because we're loading an iframe, for |
| 1607 // instance), check the FrameLoader's policy. | 1607 // instance), check the FrameLoader's policy. |
| 1608 WebInsecureRequestPolicy relevant_policy = | 1608 WebInsecureRequestPolicy relevant_policy = |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1684 // TODO(japhet): This is needed because the browser process DCHECKs if the | 1684 // TODO(japhet): This is needed because the browser process DCHECKs if the |
| 1685 // first entry we commit in a new frame has replacement set. It's unclear | 1685 // first entry we commit in a new frame has replacement set. It's unclear |
| 1686 // whether the DCHECK is right, investigate removing this special case. | 1686 // whether the DCHECK is right, investigate removing this special case. |
| 1687 bool replace_current_item = load_type == kFrameLoadTypeReplaceCurrentItem && | 1687 bool replace_current_item = load_type == kFrameLoadTypeReplaceCurrentItem && |
| 1688 (!Opener() || !request.Url().IsEmpty()); | 1688 (!Opener() || !request.Url().IsEmpty()); |
| 1689 loader->SetReplacesCurrentHistoryItem(replace_current_item); | 1689 loader->SetReplacesCurrentHistoryItem(replace_current_item); |
| 1690 return loader; | 1690 return loader; |
| 1691 } | 1691 } |
| 1692 | 1692 |
| 1693 } // namespace blink | 1693 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2910573002:
Implement upgrade-insecure-requests in browser for frame requests (Closed)
