Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(150)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/appcache/appcache_update_job.cc

Issue 645123003: Do no AppCache responses with SSL cert errors. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/appcache/appcache_update_job.cc
diff --git a/content/browser/appcache/appcache_update_job.cc b/content/browser/appcache/appcache_update_job.cc
index 2b8b3ecc8169c96ce620dcb407c9398b26f761a0..609cfd2e6b25462f45e4b54f42f0f1e6abfbbd46 100644
--- a/content/browser/appcache/appcache_update_job.cc
+++ b/content/browser/appcache/appcache_update_job.cc
@@ -162,17 +162,27 @@ void AppCacheUpdateJob::URLFetcher::OnResponseStarted(
}
if ((response_code / 100) == 2) {
Ryan Sleevi 2014/10/11 00:54:44 unnecessary newline?
michaeln 2014/10/15 19:20:22 Done.
- // See http://code.google.com/p/chromium/issues/detail?id=69594
- // We willfully violate the HTML5 spec at this point in order
- // to support the appcaching of cross-origin HTTPS resources.
- // We've opted for a milder constraint and allow caching unless
- // the resource has a "no-store" header. A spec change has been
- // requested on the whatwg list.
- // TODO(michaeln): Consider doing this for cross-origin HTTP resources too.
- if (url_.SchemeIsSecure() &&
- url_.GetOrigin() != job_->manifest_url_.GetOrigin()) {
- if (request->response_headers()->
- HasHeaderValue("cache-control", "no-store")) {
+ if (url_.SchemeIsSecure()) {
+ // See http://code.google.com/p/chromium/issues/detail?id=69594
+ // We willfully violate the HTML5 spec at this point in order
+ // to support the appcaching of cross-origin HTTPS resources.
+ // We've opted for a milder constraint and allow caching unless
+ // the resource has a "no-store" header. A spec change has been
+ // requested on the whatwg list.
+ // TODO(michaeln): Consider doing this for cross-origin HTTP too.
+ if (url_.GetOrigin() != job_->manifest_url_.GetOrigin()) {
+ if (request->response_headers()->
+ HasHeaderValue("cache-control", "no-store")) {
+ DCHECK_EQ(-1, redirect_response_code_);
+ request->Cancel();
+ result_ = SERVER_ERROR; // Not the best match?
palmer 2014/10/10 23:48:10 Maybe CANCELED_ERROR, or add a new one, like NOT_S
michaeln 2014/10/15 19:20:22 SECURITY_ERROR?
+ OnResponseCompleted();
+ return;
+ }
+ }
+
+ // Do not cache content with cert errors.
+ if (net::IsCertStatusError(request->ssl_info().cert_status)) {
palmer 2014/10/10 23:50:32 Lines 186 – 190 duplicate lines 176 – 180; maybe j
michaeln 2014/10/15 19:20:21 Done.
DCHECK_EQ(-1, redirect_response_code_);
request->Cancel();
result_ = SERVER_ERROR; // Not the best match?
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698