net/url_request/url_request_http_job.cc - Issue 11192045: Process only the first Strict-Transport-Security header.

Side by Side Diff: net/url_request/url_request_http_job.cc

Issue 11192045: Process only the first Strict-Transport-Security header. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Disable the tests in CF. Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/url_request/url_request_http_job.h"	5 #include "net/url_request/url_request_http_job.h"

6	6

7 #include "base/base_switches.h"	7 #include "base/base_switches.h"

8 #include "base/bind.h"	8 #include "base/bind.h"

9 #include "base/bind_helpers.h"	9 #include "base/bind_helpers.h"

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 683 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
694 // \|GetDomainState\| may have altered \|domain_state\| while searching. If	694 // \|GetDomainState\| may have altered \|domain_state\| while searching. If

695 // not found, start with a fresh state.	695 // not found, start with a fresh state.

696 domain_state.upgrade_mode =	696 domain_state.upgrade_mode =

697 TransportSecurityState::DomainState::MODE_FORCE_HTTPS;	697 TransportSecurityState::DomainState::MODE_FORCE_HTTPS;

698	698

699 HttpResponseHeaders* headers = GetResponseHeaders();	699 HttpResponseHeaders* headers = GetResponseHeaders();

700 std::string value;	700 std::string value;

701 void* iter = NULL;	701 void* iter = NULL;

702 base::Time now = base::Time::Now();	702 base::Time now = base::Time::Now();

703	703

	704 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:

	705 //

	706 // If a UA receives more than one STS header field in a HTTP response

	707 // message over secure transport, then the UA MUST process only the

	708 // first such header field.

	709 bool seen_sts = false;

704 while (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) {	710 while (headers->EnumerateHeader(&iter, "Strict-Transport-Security", &value)) {

	711 if (seen_sts)

	712 return;

	713 seen_sts = true;

705 TransportSecurityState::DomainState domain_state;	714 TransportSecurityState::DomainState domain_state;

706 if (domain_state.ParseSTSHeader(now, value))	715 if (domain_state.ParseSTSHeader(now, value))

707 security_state->EnableHost(host, domain_state);	716 security_state->EnableHost(host, domain_state);

708 }	717 }

709 }	718 }

710	719

711 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {	720 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {

712 DCHECK(response_info_);	721 DCHECK(response_info_);

713	722

714 const URLRequestContext* ctx = request_->context();	723 const URLRequestContext* ctx = request_->context();

(...skipping 791 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1506	1515

1507 void URLRequestHttpJob::NotifyURLRequestDestroyed() {	1516 void URLRequestHttpJob::NotifyURLRequestDestroyed() {

1508 awaiting_callback_ = false;	1517 awaiting_callback_ = false;

1509 }	1518 }

1510	1519

1511 void URLRequestHttpJob::OnDetachRequest() {	1520 void URLRequestHttpJob::OnDetachRequest() {

1512 http_transaction_delegate_->OnDetachRequest();	1521 http_transaction_delegate_->OnDetachRequest();

1513 }	1522 }

1514	1523

1515 } // namespace net	1524 } // namespace net

OLD	NEW

« no previous file with comments | « net/http/http_util.cc ('k') | net/url_request/url_request_test_util.cc » ('j') | no next file with comments »