|
Upgrade insecure requests: Pipe navigational hosts down into nested documents.
After [1], we need to track hosts (including ancestor hosts) that have
set the 'upgrade-insecure-requests' directive in their respective policies
in order to correctly upgrade navigational requests to one of those
hosts.
This patch adds a 'HashSet<unsigned>' to SecurityContext that holds the
hashes of the hosts which have opted-into such treatment, ensures that
the set is correctly populated when creating a Document or applying a
policy, and uses the set to make decisions about navigational upgrades
inside ResourceFetcher.
[1]: ttps://github.com/w3c/webappsec/commit/f947b75e9b906c53d0bd6e66ca59b60bfe0aa20e
BUG= 455674
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=191421
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+52 lines, -11 lines) |
Patch |
|
M |
Source/core/dom/Document.cpp
|
View
|
|
1 chunk |
+4 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/dom/DocumentInit.h
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/dom/DocumentInit.cpp
|
View
|
|
1 chunk |
+6 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/dom/SecurityContext.h
|
View
|
|
4 chunks |
+9 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/fetch/ResourceFetcher.cpp
|
View
|
|
1 chunk |
+7 lines, -6 lines |
0 comments
|
Download
|
|
M |
Source/core/fetch/ResourceFetcherTest.cpp
|
View
|
|
2 chunks |
+3 lines, -4 lines |
0 comments
|
Download
|
|
M |
Source/core/frame/csp/ContentSecurityPolicy.cpp
|
View
|
|
1 chunk |
+3 lines, -1 line |
0 comments
|
Download
|
|
M |
Source/core/frame/csp/ContentSecurityPolicyTest.cpp
|
View
|
|
4 chunks |
+4 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/loader/FrameLoader.h
|
View
|
|
1 chunk |
+1 line, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/loader/FrameLoader.cpp
|
View
|
|
1 chunk |
+14 lines, -0 lines |
0 comments
|
Download
|
Total messages: 12 (2 generated)
|