| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request.h" | 5 #include "net/url_request/url_request.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback.h" | 9 #include "base/callback.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 1009 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1020 NetLog::IntegerCallback("priority", priority_)); | 1020 NetLog::IntegerCallback("priority", priority_)); |
| 1021 job_->SetPriority(priority_); | 1021 job_->SetPriority(priority_); |
| 1022 } | 1022 } |
| 1023 } | 1023 } |
| 1024 | 1024 |
| 1025 bool URLRequest::GetHSTSRedirect(GURL* redirect_url) const { | 1025 bool URLRequest::GetHSTSRedirect(GURL* redirect_url) const { |
| 1026 const GURL& url = this->url(); | 1026 const GURL& url = this->url(); |
| 1027 if (!url.SchemeIs("http")) | 1027 if (!url.SchemeIs("http")) |
| 1028 return false; | 1028 return false; |
| 1029 TransportSecurityState* state = context()->transport_security_state(); | 1029 TransportSecurityState* state = context()->transport_security_state(); |
| 1030 if (state && state->ShouldUpgradeToSSL(url.host())) { | 1030 bool shouldUpgradeDueToHost = state && state->ShouldUpgradeToSSL(url.host()); |
| 1031 // If the port is 443, always redirect. This prevents sites from using AJAX |
| 1032 // calls to tell if HSTS is set for a domain (by visiting |
| 1033 // http://example.com:443), which is a privacy leak if the site is not on the |
| 1034 // preload list. |
| 1035 // https://code.google.com/p/chromium/issues/detail?id=436451 |
| 1036 bool shouldUpgradeDueToPort = url.has_port() && url.IntPort() == 443; |
| 1037 if (shouldUpgradeDueToHost || shouldUpgradeDueToPort) { |
| 1031 url::Replacements<char> replacements; | 1038 url::Replacements<char> replacements; |
| 1032 const char kNewScheme[] = "https"; | 1039 const char kNewScheme[] = "https"; |
| 1033 replacements.SetScheme(kNewScheme, url::Component(0, strlen(kNewScheme))); | 1040 replacements.SetScheme(kNewScheme, url::Component(0, strlen(kNewScheme))); |
| 1034 *redirect_url = url.ReplaceComponents(replacements); | 1041 *redirect_url = url.ReplaceComponents(replacements); |
| 1035 return true; | 1042 return true; |
| 1036 } | 1043 } |
| 1037 return false; | 1044 return false; |
| 1038 } | 1045 } |
| 1039 | 1046 |
| 1040 void URLRequest::NotifyAuthRequired(AuthChallengeInfo* auth_info) { | 1047 void URLRequest::NotifyAuthRequired(AuthChallengeInfo* auth_info) { |
| (...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1225 new base::debug::StackTrace(NULL, 0); | 1232 new base::debug::StackTrace(NULL, 0); |
| 1226 *stack_trace_copy = stack_trace; | 1233 *stack_trace_copy = stack_trace; |
| 1227 stack_trace_.reset(stack_trace_copy); | 1234 stack_trace_.reset(stack_trace_copy); |
| 1228 } | 1235 } |
| 1229 | 1236 |
| 1230 const base::debug::StackTrace* URLRequest::stack_trace() const { | 1237 const base::debug::StackTrace* URLRequest::stack_trace() const { |
| 1231 return stack_trace_.get(); | 1238 return stack_trace_.get(); |
| 1232 } | 1239 } |
| 1233 | 1240 |
| 1234 } // namespace net | 1241 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 764473002:
Rewrite HTTP requests over port 443 to HTTPS (in the HSTS code). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master