Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(492)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/appcache/appcache_update_job.cc

Issue 725573004: Do not AppCache responses with SSL cert errors unless running with the --ignore-certificate-errors … (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/appcache/appcache_update_job.h" 5 #include "content/browser/appcache/appcache_update_job.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/compiler_specific.h" 9 #include "base/compiler_specific.h"
10 #include "base/message_loop/message_loop.h" 10 #include "base/message_loop/message_loop.h"
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after
172 172
173 if (url_.SchemeIsSecure()) { 173 if (url_.SchemeIsSecure()) {
174 // Do not cache content with cert errors. 174 // Do not cache content with cert errors.
175 // Also, we willfully violate the HTML5 spec at this point in order 175 // Also, we willfully violate the HTML5 spec at this point in order
176 // to support the appcaching of cross-origin HTTPS resources. 176 // to support the appcaching of cross-origin HTTPS resources.
177 // We've opted for a milder constraint and allow caching unless 177 // We've opted for a milder constraint and allow caching unless
178 // the resource has a "no-store" header. A spec change has been 178 // the resource has a "no-store" header. A spec change has been
179 // requested on the whatwg list. 179 // requested on the whatwg list.
180 // See http://code.google.com/p/chromium/issues/detail?id=69594 180 // See http://code.google.com/p/chromium/issues/detail?id=69594
181 // TODO(michaeln): Consider doing this for cross-origin HTTP too. 181 // TODO(michaeln): Consider doing this for cross-origin HTTP too.
182 if (net::IsCertStatusError(request->ssl_info().cert_status) || 182 const net::HttpNetworkSession::Params* session_params =
183 request->context()->GetNetworkSessionParams();
184 bool ignore_cert_errors = session_params &&
185 session_params->ignore_certificate_errors;
186 if ((net::IsCertStatusError(request->ssl_info().cert_status) &&
187 !ignore_cert_errors) ||
183 (url_.GetOrigin() != job_->manifest_url_.GetOrigin() && 188 (url_.GetOrigin() != job_->manifest_url_.GetOrigin() &&
184 request->response_headers()-> 189 request->response_headers()->
185 HasHeaderValue("cache-control", "no-store"))) { 190 HasHeaderValue("cache-control", "no-store"))) {
186 DCHECK_EQ(-1, redirect_response_code_); 191 DCHECK_EQ(-1, redirect_response_code_);
187 request->Cancel(); 192 request->Cancel();
188 result_ = SECURITY_ERROR; 193 result_ = SECURITY_ERROR;
189 OnResponseCompleted(); 194 OnResponseCompleted();
190 return; 195 return;
191 } 196 }
192 } 197 }
(...skipping 1414 matching lines...) Expand 10 before | Expand all | Expand 10 after
1607 1612
1608 // Break the connection with the group so the group cannot call delete 1613 // Break the connection with the group so the group cannot call delete
1609 // on this object after we've posted a task to delete ourselves. 1614 // on this object after we've posted a task to delete ourselves.
1610 group_->SetUpdateAppCacheStatus(AppCacheGroup::IDLE); 1615 group_->SetUpdateAppCacheStatus(AppCacheGroup::IDLE);
1611 group_ = NULL; 1616 group_ = NULL;
1612 1617
1613 base::MessageLoop::current()->DeleteSoon(FROM_HERE, this); 1618 base::MessageLoop::current()->DeleteSoon(FROM_HERE, this);
1614 } 1619 }
1615 1620
1616 } // namespace content 1621 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698