
Unified Diff: net/base/transport_security_state.cc

Issue 460135: STS: add chrome.google.com to the built in STS list. (Closed)
Patch Set: Created 11 years ago
Index: net/base/transport_security_state.cc
diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc
index 35b930ce5365b4e02b46c0b49960d735b0126f87..ccce6a093857bc5e6726775b43a7e300e4f19a1c 100644
--- a/net/base/transport_security_state.cc
+++ b/net/base/transport_security_state.cc
@@ -24,6 +24,11 @@ TransportSecurityState::TransportSecurityState()
void TransportSecurityState::EnableHost(const std::string& host,
const DomainState& state) {
+ if (GetBuiltin(NULL, host)) {
+ // You cannot override the settings of a builtin record.
+ return;
+ }
+
const std::string canonicalised_host = CanonicaliseHost(host);
if (canonicalised_host.empty())
return;
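Review bot: The new guard tests the raw `host` before `CanonicaliseHost` runs, and GetBuiltin (added at the end of this file) compares with an exact `host == "chrome.google.com"`, so a spelling that differs only in case or a trailing dot would not be recognised as builtin. Whether CanonicaliseHost folds such spellings onto the same stored key is not visible in this hunk, but if it does, the entry would be accepted and stored for the builtin host. Run the check after canonicalisation and compare canonical forms, or have GetBuiltin canonicalise its argument; the GetBuiltin call in IsEnabledForHost uses the same raw comparison. The `NULL` argument also deserves a word, for example `// NULL: only test for existence, no DomainState is needed.` EnableHost's body continues outside the hunk.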
@@ -52,23 +57,27 @@ bool TransportSecurityState::IsEnabledForHost(DomainState* result,
sizeof(hashed_domain));
std::map<std::string, DomainState>::iterator j =
enabled_hosts_.find(std::string(hashed_domain, sizeof(hashed_domain)));
- if (j == enabled_hosts_.end())
- continue;
+ if (j != enabled_hosts_.end()) {
+ if (current_time > j->second.expiry) {
+ enabled_hosts_.erase(j);
+ DirtyNotify();
+ continue;
+ }
+ *result = j->second;
- if (current_time > j->second.expiry) {
- enabled_hosts_.erase(j);
- DirtyNotify();
+ } else if (GetBuiltin(result, host)) {
+ // The host has a builtin record. We don't check the expiry on these.
+ } else {
+ // no record for this host. Try the next least specific domain.
continue;
}
- *result = j->second;
-
// If we matched the domain exactly, it doesn't matter what the value of
// include_subdomains is.
if (i == 0)
return true;
- return j->second.include_subdomains;
+ return result->include_subdomains;
}
return false;
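Review bot: A stored entry still takes precedence over the builtin record, because `GetBuiltin(result, host)` is reached only in the `else` of `j != enabled_hosts_.end()`, and the expired-entry branch hits `continue` without consulting it. The guard in EnableHost blocks new entries, but anything that reaches `enabled_hosts_` another way (state loaded from disk, for instance, which this hunk does not show) would shadow the compiled-in policy with its own mode and expiry. Testing the builtin first, `if (GetBuiltin(result, host)) { ... } else if (j != enabled_hosts_.end()) { ... }`, makes the builtin authoritative. Separately, the call passes the full `host` on every iteration rather than the suffix being examined at `i`, so a builtin record apparently can never match a subdomain lookup. The loop header is outside the hunk, so that needs confirming against the full function.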
@@ -334,4 +343,22 @@ std::string TransportSecurityState::CanonicaliseHost(const std::string& host) {
return new_host;
}
+bool TransportSecurityState::GetBuiltin(DomainState* result,
+ const std::string& host) {
+ // This time is somewhere around the year 2970.
+ static const double kNoExpiry = 31557600000;
+
+ // For the moment this list is just compiled into the browser.
+ if (host == "chrome.google.com") {
abarth-chromium 2009/12/08 03:09:42 They rolled back this change because they're hosti
+ if (result) {
+ result->mode = DomainState::MODE_STRICT;
+ result->include_subdomains = true;
abarth-chromium 2009/12/08 03:09:42 This should be false.
+ result->expiry = base::Time::FromDoubleT(kNoExpiry);
+ }
+ return true;
+ }
+
+ return false;
+}
+
} // namespace
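Review bot: GetBuiltin has no comment stating its contract, in particular that `result` may be NULL (EnableHost calls it that way) and that `host` is compared verbatim against the compiled-in name. I would add above the definition `// Returns true if |host| has a compiled-in record. |result| may be NULL; when non-NULL it receives the record. |host| is matched exactly, without canonicalisation.` The visible body reads no member state, so the method could probably be declared static in the header, which is not shown here.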