OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 726 matching lines...)
737 // NOTE: |ProcessStrictTransportSecurityHeader| and | 737 // NOTE: |ProcessStrictTransportSecurityHeader| and |
738 // |ProcessPublicKeyPinsHeader| have very similar structures, by design. | 738 // |ProcessPublicKeyPinsHeader| have very similar structures, by design. |
739 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { | 739 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { |
740 DCHECK(response_info_); | 740 DCHECK(response_info_); |
741 TransportSecurityState* security_state = | 741 TransportSecurityState* security_state = |
742 request_->context()->transport_security_state(); | 742 request_->context()->transport_security_state(); |
743 const SSLInfo& ssl_info = response_info_->ssl_info; | 743 const SSLInfo& ssl_info = response_info_->ssl_info; |
744 | 744 |
745 // Only accept HSTS headers on HTTPS connections that have no | 745 // Only accept HSTS headers on HTTPS connections that have no |
746 // certificate errors. | 746 // certificate errors. |
747 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || | 747 if (!ssl_info.is_valid() || (IsCertStatusError(ssl_info.cert_status) && |
748 !IsCertStatusMinorError(ssl_info.cert_status)) || | |
davidben
2014/09/29 20:21:32
Is this bit still necessary now that it's not Cert
| |
748 !security_state) | 749 !security_state) |
749 return; | 750 return; |
750 | 751 |
751 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: | 752 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: |
752 // | 753 // |
753 // If a UA receives more than one STS header field in a HTTP response | 754 // If a UA receives more than one STS header field in a HTTP response |
754 // message over secure transport, then the UA MUST process only the | 755 // message over secure transport, then the UA MUST process only the |
755 // first such header field. | 756 // first such header field. |
756 HttpResponseHeaders* headers = GetResponseHeaders(); | 757 HttpResponseHeaders* headers = GetResponseHeaders(); |
757 std::string value; | 758 std::string value; |
758 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value)) | 759 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value)) |
759 security_state->AddHSTSHeader(request_info_.url.host(), value); | 760 security_state->AddHSTSHeader(request_info_.url.host(), value); |
760 } | 761 } |
761 | 762 |
762 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { | 763 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { |
763 DCHECK(response_info_); | 764 DCHECK(response_info_); |
764 TransportSecurityState* security_state = | 765 TransportSecurityState* security_state = |
765 request_->context()->transport_security_state(); | 766 request_->context()->transport_security_state(); |
766 const SSLInfo& ssl_info = response_info_->ssl_info; | 767 const SSLInfo& ssl_info = response_info_->ssl_info; |
767 | 768 |
768 // Only accept HPKP headers on HTTPS connections that have no | 769 // Only accept HPKP headers on HTTPS connections that have no |
769 // certificate errors. | 770 // certificate errors. |
770 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || | 771 if (!ssl_info.is_valid() || (IsCertStatusError(ssl_info.cert_status) && |
772 !IsCertStatusMinorError(ssl_info.cert_status)) || | |
davidben
2014/09/29 20:21:32
Ditto.
| |
771 !security_state) | 773 !security_state) |
772 return; | 774 return; |
773 | 775 |
774 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning: | 776 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning: |
775 // | 777 // |
776 // If a UA receives more than one PKP header field in an HTTP | 778 // If a UA receives more than one PKP header field in an HTTP |
777 // response message over secure transport, then the UA MUST process | 779 // response message over secure transport, then the UA MUST process |
778 // only the first such header field. | 780 // only the first such header field. |
779 HttpResponseHeaders* headers = GetResponseHeaders(); | 781 HttpResponseHeaders* headers = GetResponseHeaders(); |
780 std::string value; | 782 std::string value; |
(...skipping 736 matching lines...)
1517 return override_response_headers_.get() ? | 1519 return override_response_headers_.get() ? |
1518 override_response_headers_.get() : | 1520 override_response_headers_.get() : |
1519 transaction_->GetResponseInfo()->headers.get(); | 1521 transaction_->GetResponseInfo()->headers.get(); |
1520 } | 1522 } |
1521 | 1523 |
1522 void URLRequestHttpJob::NotifyURLRequestDestroyed() { | 1524 void URLRequestHttpJob::NotifyURLRequestDestroyed() { |
1523 awaiting_callback_ = false; | 1525 awaiting_callback_ = false; |
1524 } | 1526 } |
1525 | 1527 |
1526 } // namespace net | 1528 } // namespace net |
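Review bot: The comment above the guard in ProcessStrictTransportSecurityHeader still says "Only accept HSTS headers on HTTPS connections that have no certificate errors", but the new condition returns early only when `IsCertStatusError(ssl_info.cert_status)` is true and `IsCertStatusMinorError(ssl_info.cert_status)` is false, so a response whose certificate status carries only minor errors now reaches `AddHSTSHeader`. The HPKP guard in ProcessPublicKeyPinsHeader has the same stale comment. Because this predicate decides when the client persists HSTS and pinning state for a host, the comment should state the actual policy, e.g. `// Only accept HSTS headers on HTTPS connections whose certificate has no errors other than those IsCertStatusMinorError() classifies as minor.`, ideally with a brief note on why such errors are acceptable here. The identical three-part condition now appears in both functions, so a shared private helper would keep the two checks from drifting apart. ProcessPublicKeyPinsHeader's body continues past the visible lines, so how the HPKP header value is used after the guard is not reviewed here.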