Index: net/base/net_util.cc |
diff --git a/net/base/net_util.cc b/net/base/net_util.cc |
index 3b49dffb5c20d889003a09755276ddaa8e41542d..6f280683720268fe3d60bfc8feb4e753c537b35b 100644 |
--- a/net/base/net_util.cc |
+++ b/net/base/net_util.cc |
@@ -107,6 +107,7 @@ static const int kRestrictedPorts[] = { |
143, // imap2 |
179, // BGP |
389, // ldap |
+ 443, // https / wss (see https://crbug.com/436451) |
465, // smtp+ssl |
512, // print / exec |
513, // login |
@@ -144,6 +145,11 @@ static const int kAllowedFtpPorts[] = { |
22, // ssh |
}; |
+// HTTPS and WSS override the following restricted port. |
+static const int kAllowedHttpsOrWssPorts[] = { |
+ 443, // https / wss |
+}; |
+ |
bool IPNumberPrefixCheck(const IPAddressNumber& ip_number, |
const unsigned char* ip_prefix, |
size_t prefix_length_in_bits) { |
@@ -320,6 +326,29 @@ bool IsPortAllowedByFtp(int port) { |
return IsPortAllowedByDefault(port); |
} |
+bool IsPortAllowedByHttpsOrWss(int port) { |
+ int array_size = arraysize(kAllowedHttpsOrWssPorts); |
PhistucK
2014/12/05 09:02:30
Just a drive by -
Should this (and similar cases)
|
+ for (int i = 0; i < array_size; i++) { |
+ if (kAllowedHttpsOrWssPorts[i] == port) { |
+ return true; |
mmenke
2014/12/05 21:44:40
Indent here is wrong.
|
+ } |
+ } |
+ // Port not explicitly allowed by HTTPS or WSS, so return the default |
+ // restrictions. |
+ return IsPortAllowedByDefault(port); |
+} |
+ |
+bool IsEffectivePortAllowedByScheme(const GURL& url) { |
+ int port = url.EffectiveIntPort(); |
+ if (url.SchemeIs("ftp")) { |
+ return IsPortAllowedByFtp(port); |
+ } else if (url.SchemeIs("https") || url.SchemeIs("wss")) { |
+ return IsPortAllowedByHttpsOrWss(port); |
+ } else { |
+ return IsPortAllowedByDefault(port); |
+ } |
+} |
+ |
bool IsPortAllowedByOverride(int port) { |
if (g_explicitly_allowed_ports.Get().empty()) |
return false; |