CSP: Adding the 'upgrade-insecure-requests' directive.

Source/core/fetch/ResourceFetcher.cpp

Index: Source/core/fetch/ResourceFetcher.cpp
diff --git a/Source/core/fetch/ResourceFetcher.cpp b/Source/core/fetch/ResourceFetcher.cpp
index d67eb023c759718c5305aaf0c69adfaee7704ab3..f16642c9f5c30c13a430598218e6fd113877e45d 100644
--- a/Source/core/fetch/ResourceFetcher.cpp
+++ b/Source/core/fetch/ResourceFetcher.cpp
@@ -66,6 +66,7 @@
 #include "platform/Logging.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/TraceEvent.h"
+#include "platform/weborigin/KnownPorts.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "platform/weborigin/SecurityPolicy.h"
@@ -715,6 +716,8 @@ ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc
 
     TRACE_EVENT0("blink", "ResourceFetcher::requestResource");
 
+    maybeUpgradeInsecureRequestURL(request);
+
     KURL url = request.resourceRequest().url();
 
     WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), request.charset().latin1().data(), request.priority(), request.forPreload(), ResourceTypeName(type));
@@ -895,6 +898,23 @@ void ResourceFetcher::addAdditionalRequestHeaders(ResourceRequest& request, Reso
     context().addAdditionalRequestHeaders(document(), request, (type == Resource::MainResource) ? FetchMainResource : FetchSubresource);
 }
 
+void ResourceFetcher::maybeUpgradeInsecureRequestURL(FetchRequest& request)
+{
+    if (!m_document)
+        return;
+
+    KURL url = request.resourceRequest().url();
+    if (m_document->insecureContentPolicy() == SecurityContext::InsecureContentUpgrade && url.protocol() == "http") {

[Ryan Sleevi, 2015/02/05 20:03:04]

*cough* ws:// -> wss://

[Mike West, 2015/02/05 20:19:08]

That's going to happen in a followup (somewhere around
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...),
as WebSockets doesn't go through ResourceFetcher.

+        url.setProtocol("https");
+        // FIXME: HACKY HACKY HACKY HACKY.
+        if (url.port() == 8000 || url.port() == 8080)
+            url.setPort(8443);

[Ryan Sleevi, 2015/02/05 20:03:03]

wat?

No no no

[Mike West, 2015/02/05 20:19:08]

Totally. I did this to make the test work as a PoC, I don't intend to land it
this way. As I noted in patchset #2, "And, as much as I'd like to, I really
can't land it with this comparison. I need a better option to distinguish
between the way it should work in the real world, and the way it should work for
crazy layout tests. :/"

+        else if (url.port() == 80)
+            url.setPort(443);

[Ryan Sleevi, 2015/02/05 20:03:03]

yes yes yes

+        request.mutableResourceRequest().setURL(url);
+    }
+}
+
 ResourcePtr<Resource> ResourceFetcher::createResourceForRevalidation(const FetchRequest& request, Resource* resource)
 {
     ASSERT(resource);