OLD | NEW |
---|---|
1 /* | 1 /* |
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. |
6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
7 | 7 |
8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
(...skipping 868 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
879 return; | 879 return; |
880 | 880 |
881 KURL url = fetchRequest.resourceRequest().url(); | 881 KURL url = fetchRequest.resourceRequest().url(); |
882 | 882 |
883 // Tack a 'Prefer' header to outgoing navigational requests, as described in | 883 // Tack a 'Prefer' header to outgoing navigational requests, as described in |
884 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect | 884 // https://w3c.github.io/webappsec/specs/upgrade/#feature-detect |
885 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo ne && !SecurityOrigin::isSecure(url)) | 885 if (fetchRequest.resourceRequest().frameType() != WebURLRequest::FrameTypeNo ne && !SecurityOrigin::isSecure(url)) |
886 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "retu rn=secure-representation"); | 886 fetchRequest.mutableResourceRequest().addHTTPHeaderField("Prefer", "retu rn=secure-representation"); |
887 | 887 |
888 if (document()->insecureRequestsPolicy() == SecurityContext::InsecureRequest sUpgrade && url.protocolIs("http")) { | 888 if (document()->insecureRequestsPolicy() == SecurityContext::InsecureRequest sUpgrade && url.protocolIs("http")) { |
889 // We always upgrade subresource requests and nested frames, we always u pgrade form | |
890 // submissions, and we always upgrade requests whose host matches the ho st of the | |
891 // containing document's security origin. | |
892 // | |
893 // FIXME: We need to check the document that set the policy, not the cur rent document. | |
889 const ResourceRequest& request = fetchRequest.resourceRequest(); | 894 const ResourceRequest& request = fetchRequest.resourceRequest(); |
890 | |
891 // We always upgrade requests that meet any of the following criteria: | |
892 // | |
893 // 1. Are for subresources (including nested frames). | |
894 // 2. Are form submissions. | |
895 // 3. Whose hosts are contained in the document's InsecureNavigationSet. | |
896 if (request.frameType() == WebURLRequest::FrameTypeNone | 895 if (request.frameType() == WebURLRequest::FrameTypeNone |
897 || request.frameType() == WebURLRequest::FrameTypeNested | 896 || request.frameType() == WebURLRequest::FrameTypeNested |
898 || request.requestContext() == WebURLRequest::RequestContextForm | 897 || request.requestContext() == WebURLRequest::RequestContextForm |
899 || document()->insecureNavigationsToUpgrade()->contains(url.host().i mpl()->hash())) | 898 || url.host() == document()->securityOrigin()->host()) |
Yoav Weiss
2015/03/10 19:03:05
Again, here we relied on the existence of document
|
Yoav Weiss
2015/03/10 19:03:05
Should we assert for document()->securityOrigin()
|
900 { | 899 { |
901 url.setProtocol("https"); | 900 url.setProtocol("https"); |
902 if (url.port() == 80) | 901 if (url.port() == 80) |
903 url.setPort(443); | 902 url.setPort(443); |
904 fetchRequest.mutableResourceRequest().setURL(url); | 903 fetchRequest.mutableResourceRequest().setURL(url); |
905 } | 904 } |
906 } | 905 } |
907 } | 906 } |
908 | 907 |
909 void ResourceFetcher::addClientHintsIfNeccessary(FetchRequest& fetchRequest) | 908 void ResourceFetcher::addClientHintsIfNeccessary(FetchRequest& fetchRequest) |
(...skipping 728 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1638 ResourceLoaderHost::trace(visitor); | 1637 ResourceLoaderHost::trace(visitor); |
1639 } | 1638 } |
1640 | 1639 |
1641 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) | 1640 ResourceFetcher* ResourceFetcher::toResourceFetcher(ResourceLoaderHost* host) |
1642 { | 1641 { |
1643 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); | 1642 ASSERT(host->objectType() == ResourceLoaderHost::ResourceFetcherType); |
1644 return static_cast<ResourceFetcher*>(host); | 1643 return static_cast<ResourceFetcher*>(host); |
1645 } | 1644 } |
1646 | 1645 |
1647 } | 1646 } |
OLD | NEW |