Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(201)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/fetch/ResourceFetcher.cpp

Issue 930323002: Upgrade: Send a 'Prefer' header for feature detection. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Rename? Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/ResourceFetcher.h ('k') | Source/core/fetch/ResourceFetcherTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/
7 7
8 This library is free software; you can redistribute it and/or 8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public 9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either 10 License as published by the Free Software Foundation; either
(...skipping 701 matching lines...) Expand 10 before | Expand all | Expand 10 after
712 } 712 }
713 m_validatedURLs.add(request.resourceRequest().url()); 713 m_validatedURLs.add(request.resourceRequest().url());
714 } 714 }
715 715
716 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc hRequest& request) 716 ResourcePtr<Resource> ResourceFetcher::requestResource(Resource::Type type, Fetc hRequest& request)
717 { 717 {
718 ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw); 718 ASSERT(request.options().synchronousPolicy == RequestAsynchronously || type == Resource::Raw);
719 719
720 TRACE_EVENT0("blink", "ResourceFetcher::requestResource"); 720 TRACE_EVENT0("blink", "ResourceFetcher::requestResource");
721 721
722 maybeUpgradeInsecureRequestURL(request); 722 upgradeInsecureRequest(request);
723 723
724 KURL url = request.resourceRequest().url(); 724 KURL url = request.resourceRequest().url();
725 725
726 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s ', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), req uest.charset().latin1().data(), request.priority(), request.forPreload(), Resour ceTypeName(type)); 726 WTF_LOG(ResourceLoading, "ResourceFetcher::requestResource '%s', charset '%s ', priority=%d, forPreload=%u, type=%s", url.elidedString().latin1().data(), req uest.charset().latin1().data(), request.priority(), request.forPreload(), Resour ceTypeName(type));
727 727
728 // If only the fragment identifiers differ, it is the same resource. 728 // If only the fragment identifiers differ, it is the same resource.
729 url = MemoryCache::removeFragmentIdentifierIfNeeded(url); 729 url = MemoryCache::removeFragmentIdentifierIfNeeded(url);
730 730
731 if (!url.isValid()) 731 if (!url.isValid())
732 return nullptr; 732 return nullptr;
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after
894 if (request.requestContext() == WebURLRequest::RequestContextUnspecified) 894 if (request.requestContext() == WebURLRequest::RequestContextUnspecified)
895 determineRequestContext(request, type); 895 determineRequestContext(request, type);
896 if (type == Resource::LinkPrefetch || type == Resource::LinkSubresource) 896 if (type == Resource::LinkPrefetch || type == Resource::LinkSubresource)
897 request.setHTTPHeaderField("Purpose", "prefetch"); 897 request.setHTTPHeaderField("Purpose", "prefetch");
898 if (frame()->document()) 898 if (frame()->document())
899 request.setOriginatesFromReservedIPRange(frame()->document()->isHostedIn ReservedIPRange()); 899 request.setOriginatesFromReservedIPRange(frame()->document()->isHostedIn ReservedIPRange());
900 900
901 context().addAdditionalRequestHeaders(document(), request, (type == Resource ::MainResource) ? FetchMainResource : FetchSubresource); 901 context().addAdditionalRequestHeaders(document(), request, (type == Resource ::MainResource) ? FetchMainResource : FetchSubresource);
902 } 902 }
903 903
904 void ResourceFetcher::maybeUpgradeInsecureRequestURL(FetchRequest& fetchRequest) 904 void ResourceFetcher::upgradeInsecureRequest(FetchRequest& fetchRequest)
905 { 905 {
906 if (!m_document) 906 if (!m_document || !RuntimeEnabledFeatures::experimentalContentSecurityPolic yFeaturesEnabled())
907 return; 907 return;
908 908
909 KURL url = fetchRequest.resourceRequest().url(); 909 KURL url = fetchRequest.resourceRequest().url();
910
911 // Tack a 'Prefer' header to outgoing navigational requests, as described in
912 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect
913 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo ne && !SecurityOrigin::isSecure(url))
914 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "retu rn=secure-representation");
915
910 if (m_document->insecureContentPolicy() == SecurityContext::InsecureContentU pgrade && url.protocolIs("http")) { 916 if (m_document->insecureContentPolicy() == SecurityContext::InsecureContentU pgrade && url.protocolIs("http")) {
911 // We always upgrade subresource requests and nested frames, we always u pgrade form 917 // We always upgrade subresource requests and nested frames, we always u pgrade form
912 // submissions, and we always upgrade requests whose host matches the ho st of the 918 // submissions, and we always upgrade requests whose host matches the ho st of the
913 // containing document's security origin. 919 // containing document's security origin.
914 // 920 //
915 // FIXME: We need to check the document that set the policy, not the cur rent document. 921 // FIXME: We need to check the document that set the policy, not the cur rent document.
916 const ResourceRequest& request = fetchRequest.resourceRequest(); 922 const ResourceRequest& request = fetchRequest.resourceRequest();
917 if (request.frameType() == WebURLRequest::FrameTypeNone 923 if (request.frameType() == WebURLRequest::FrameTypeNone
918 || request.frameType() == WebURLRequest::FrameTypeNested 924 || request.frameType() == WebURLRequest::FrameTypeNested
919 || request.requestContext() == WebURLRequest::RequestContextForm 925 || request.requestContext() == WebURLRequest::RequestContextForm
(...skipping 726 matching lines...) Expand 10 before | Expand all | Expand 10 after
1646 ResourceLoaderHost::trace(visitor); 1652 ResourceLoaderHost::trace(visitor);
1647 } 1653 }
1648 1654
1649 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) 1655 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host)
1650 { 1656 {
1651 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); 1657 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType);
1652 return static_cast<ResourceFetcher*>(host); 1658 return static_cast<ResourceFetcher*>(host);
1653 } 1659 }
1654 1660
1655 } 1661 }
OLDNEW
« no previous file with comments | « Source/core/fetch/ResourceFetcher.h ('k') | Source/core/fetch/ResourceFetcherTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698