third_party/WebKit/Source/core/loader/FrameLoader.cpp - Issue 2910573002: Implement upgrade-insecure-requests in browser for frame requests

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2910573002: Implement upgrade-insecure-requests in browser for frame requests (Closed)

Patch Set: fix BuildPolicy argument Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp

diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp

index 321898d1e26c18a5f03abdbd52a378983236649a..26e9edf21d374fcf6d781d178ad789d2764e077a 100644

--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp

+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp

@@ -65,7 +65,6 @@

#include "core/loader/FormSubmission.h"

#include "core/loader/FrameLoadRequest.h"

#include "core/loader/LinkLoader.h"

-#include "core/loader/MixedContentChecker.h"

#include "core/loader/NavigationScheduler.h"

#include "core/loader/NetworkHintsInterface.h"

#include "core/loader/ProgressTracker.h"

@@ -1357,11 +1356,6 @@ NavigationPolicy FrameLoader::CheckLoadCanStart(

RecordLatestRequiredCSP();

// Before modifying the request, check report-only CSP headers to give the

// site owner a chance to learn about requests that need to be modified.

- //

- // TODO(estark): this doesn't work with --enable-browser-side-navigation,

- // wherein 'frame-src' is checked in the browser process. Figure out what to

- // do; maybe with browser-side navigation the upgrade should be happening in

- // the browser process too. See also https://crbug.com/692595

Settings* settings = frame_->GetSettings();

MaybeCheckCSP(

resource_request, navigation_type, frame_, navigation_policy,

@@ -1600,6 +1594,12 @@ void FrameLoader::ModifyRequestForCSP(ResourceRequest& resource_request,

"1");

}

+ // PlzNavigate: Upgrading subframe requests is handled by the browser process.

+ Settings* settings = frame_->GetSettings();

+ if (resource_request.GetFrameType() == WebURLRequest::kFrameTypeNested &&

+ settings && settings->GetBrowserSideNavigationEnabled()) {

Mike West 2017/05/30 07:36:30 Tiny nit: You could skip checking `settings` here

estark 2017/06/01 04:18:30 I'll skip this one if you don't mind -- my weaklin

+ return;

+ }

UpgradeInsecureRequest(resource_request, document);

}

« third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp ('k') | no next file » | no next file with comments »