Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(48)

Side by Side Diff: net/url_request/url_request_job.cc

Issue 2917133002: Perform redirect checks before OnReceivedRedirect in //net. (Closed)
Patch Set: nasko comments Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/url_request/url_request_job.h ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request_job.h" 5 #include "net/url_request/url_request_job.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/callback_helpers.h" 10 #include "base/callback_helpers.h"
(...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after
307 } 307 }
308 308
309 void URLRequestJob::ContinueDespiteLastError() { 309 void URLRequestJob::ContinueDespiteLastError() {
310 // Implementations should know how to recover from errors they generate. 310 // Implementations should know how to recover from errors they generate.
311 // If this code was reached, we are trying to recover from an error that 311 // If this code was reached, we are trying to recover from an error that
312 // we don't know how to recover from. 312 // we don't know how to recover from.
313 NOTREACHED(); 313 NOTREACHED();
314 } 314 }
315 315
316 void URLRequestJob::FollowDeferredRedirect() { 316 void URLRequestJob::FollowDeferredRedirect() {
317 // OnReceivedRedirect must have been called.
317 DCHECK_NE(-1, deferred_redirect_info_.status_code); 318 DCHECK_NE(-1, deferred_redirect_info_.status_code);
318 319
319 // NOTE: deferred_redirect_info_ may be invalid, and attempting to follow it 320 // It is possible that FollowRedirect will delete |this|, so it is not safe to
320 // will fail inside FollowRedirect. The DCHECK above asserts that we called 321 // pass along a reference to |deferred_redirect_info_|.
321 // OnReceivedRedirect.
322
323 // It is also possible that FollowRedirect will delete |this|, so not safe to
324 // pass along reference to |deferred_redirect_info_|.
325
326 RedirectInfo redirect_info = deferred_redirect_info_; 322 RedirectInfo redirect_info = deferred_redirect_info_;
327 deferred_redirect_info_ = RedirectInfo(); 323 deferred_redirect_info_ = RedirectInfo();
328 FollowRedirect(redirect_info); 324 FollowRedirect(redirect_info);
329 } 325 }
330 326
331 bool URLRequestJob::GetMimeType(std::string* mime_type) const { 327 bool URLRequestJob::GetMimeType(std::string* mime_type) const {
332 return false; 328 return false;
333 } 329 }
334 330
335 int URLRequestJob::GetResponseCode() const { 331 int URLRequestJob::GetResponseCode() const {
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
450 request_->OnHeadersComplete(); 446 request_->OnHeadersComplete();
451 447
452 GURL new_location; 448 GURL new_location;
453 int http_status_code; 449 int http_status_code;
454 450
455 if (IsRedirectResponse(&new_location, &http_status_code)) { 451 if (IsRedirectResponse(&new_location, &http_status_code)) {
456 // Redirect response bodies are not read. Notify the transaction 452 // Redirect response bodies are not read. Notify the transaction
457 // so it does not treat being stopped as an error. 453 // so it does not treat being stopped as an error.
458 DoneReadingRedirectResponse(); 454 DoneReadingRedirectResponse();
459 455
456 // Invalid redirect targets are failed early before
457 // NotifyReceivedRedirect. This means the delegate can assume that, if it
458 // accepts the redirect, future calls to OnResponseStarted correspond to
459 // |redirect_info.new_url|.
460 int redirect_valid = CanFollowRedirect(new_location);
461 if (redirect_valid != OK) {
462 OnDone(URLRequestStatus::FromError(redirect_valid), true);
463 return;
464 }
465
460 // When notifying the URLRequest::Delegate, it can destroy the request, 466 // When notifying the URLRequest::Delegate, it can destroy the request,
461 // which will destroy |this|. After calling to the URLRequest::Delegate, 467 // which will destroy |this|. After calling to the URLRequest::Delegate,
462 // pointer must be checked to see if |this| still exists, and if not, the 468 // pointer must be checked to see if |this| still exists, and if not, the
463 // code must return immediately. 469 // code must return immediately.
464 base::WeakPtr<URLRequestJob> weak_this(weak_factory_.GetWeakPtr()); 470 base::WeakPtr<URLRequestJob> weak_this(weak_factory_.GetWeakPtr());
465 471
466 RedirectInfo redirect_info = 472 RedirectInfo redirect_info =
467 ComputeRedirectInfo(new_location, http_status_code); 473 ComputeRedirectInfo(new_location, http_status_code);
468 bool defer_redirect = false; 474 bool defer_redirect = false;
469 request_->NotifyReceivedRedirect(redirect_info, &defer_redirect); 475 request_->NotifyReceivedRedirect(redirect_info, &defer_redirect);
(...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after
713 if (result != ERR_IO_PENDING) { 719 if (result != ERR_IO_PENDING) {
714 // If the read completes synchronously, either success or failure, invoke 720 // If the read completes synchronously, either success or failure, invoke
715 // GatherRawReadStats so we can account for the completed read. 721 // GatherRawReadStats so we can account for the completed read.
716 GatherRawReadStats(result); 722 GatherRawReadStats(result);
717 } else { 723 } else {
718 read_raw_callback_ = callback; 724 read_raw_callback_ = callback;
719 } 725 }
720 return result; 726 return result;
721 } 727 }
722 728
729 int URLRequestJob::CanFollowRedirect(const GURL& new_url) {
730 if (request_->redirect_limit_ <= 0) {
731 DVLOG(1) << "disallowing redirect: exceeds limit";
732 return ERR_TOO_MANY_REDIRECTS;
733 }
734
735 if (!new_url.is_valid())
736 return ERR_INVALID_REDIRECT;
737
738 if (!IsSafeRedirect(new_url)) {
739 DVLOG(1) << "disallowing redirect: unsafe protocol";
740 return ERR_UNSAFE_REDIRECT;
741 }
742
743 return OK;
744 }
745
723 void URLRequestJob::FollowRedirect(const RedirectInfo& redirect_info) { 746 void URLRequestJob::FollowRedirect(const RedirectInfo& redirect_info) {
724 int rv = request_->Redirect(redirect_info); 747 request_->Redirect(redirect_info);
725 if (rv != OK)
726 OnDone(URLRequestStatus(URLRequestStatus::FAILED, rv), true);
727 } 748 }
728 749
729 void URLRequestJob::GatherRawReadStats(int bytes_read) { 750 void URLRequestJob::GatherRawReadStats(int bytes_read) {
730 DCHECK(raw_read_buffer_ || bytes_read == 0); 751 DCHECK(raw_read_buffer_ || bytes_read == 0);
731 DCHECK_NE(ERR_IO_PENDING, bytes_read); 752 DCHECK_NE(ERR_IO_PENDING, bytes_read);
732 753
733 if (bytes_read > 0) { 754 if (bytes_read > 0) {
734 // If there is a filter, bytes will be logged after the filter is applied. 755 // If there is a filter, bytes will be logged after the filter is applied.
735 if (source_stream_->type() != SourceStream::TYPE_NONE && 756 if (source_stream_->type() != SourceStream::TYPE_NONE &&
736 request()->net_log().IsCapturing()) { 757 request()->net_log().IsCapturing()) {
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
852 int64_t total_sent_bytes = GetTotalSentBytes(); 873 int64_t total_sent_bytes = GetTotalSentBytes();
853 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_); 874 DCHECK_GE(total_sent_bytes, last_notified_total_sent_bytes_);
854 if (total_sent_bytes > last_notified_total_sent_bytes_) { 875 if (total_sent_bytes > last_notified_total_sent_bytes_) {
855 network_delegate_->NotifyNetworkBytesSent( 876 network_delegate_->NotifyNetworkBytesSent(
856 request_, total_sent_bytes - last_notified_total_sent_bytes_); 877 request_, total_sent_bytes - last_notified_total_sent_bytes_);
857 } 878 }
858 last_notified_total_sent_bytes_ = total_sent_bytes; 879 last_notified_total_sent_bytes_ = total_sent_bytes;
859 } 880 }
860 881
861 } // namespace net 882 } // namespace net
OLDNEW
« no previous file with comments | « net/url_request/url_request_job.h ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698