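--- a/<FILE PATH NOT SHOWN ON PAGE>
+++ b/<FILE PATH NOT SHOWN ON PAGE>
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/url_request/url_request_http_job.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
@@ -788,43 +788,58 @@
   TransportSecurityState* security_state =
       request_->context()->transport_security_state();
   const SSLInfo& ssl_info = response_info_->ssl_info;
 
   // Only accept HSTS headers on HTTPS connections that have no
   // certificate errors.
   if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
       !security_state)
     return;
 
+  CookieOptions options;
+  options.set_include_httponly();
+  options.set_server_time(response_date_);
+  // Don't persist HSTS if cookies are not saved to avoid tracking.
+  if ((request_info_.load_flags & LOAD_DO_NOT_SAVE_COOKIES) ||
+      !CanSetCookie("", &options))
+    return;
   // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:
   //
   // If a UA receives more than one STS header field in a HTTP response
   // message over secure transport, then the UA MUST process only the
   // first such header field.
   HttpResponseHeaders* headers = GetResponseHeaders();
   std::string value;
   if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value))
     security_state->AddHSTSHeader(request_info_.url.host(), value);
 }
 
 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
   DCHECK(response_info_);
   TransportSecurityState* security_state =
       request_->context()->transport_security_state();
   const SSLInfo& ssl_info = response_info_->ssl_info;
 
   // Only accept HPKP headers on HTTPS connections that have no
   // certificate errors.
   if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) ||
       !security_state)
     return;
 
+  CookieOptions options;
+  options.set_include_httponly();
+  options.set_server_time(response_date_);
+  // Don't persist HPKP if cookies are not saved to avoid tracking.
+  if ((request_info_.load_flags & LOAD_DO_NOT_SAVE_COOKIES) ||
+      !CanSetCookie("", &options))
+    return;
+
   // http://tools.ietf.org/html/draft-ietf-websec-key-pinning:
   //
   // If a UA receives more than one PKP header field in an HTTP
   // response message over secure transport, then the UA MUST process
   // only the first such header field.
   HttpResponseHeaders* headers = GetResponseHeaders();
   std::string value;
   if (headers->EnumerateHeader(NULL, "Public-Key-Pins", &value))
     security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info);
 }
@@ -887,25 +902,30 @@
         return;
       }
     }
 
     SaveCookiesAndNotifyHeadersComplete(net::OK);
   } else if (IsCertificateError(result)) {
     // We encountered an SSL certificate error. Ask our delegate to decide
     // what we should do.
 
     TransportSecurityState::DomainState domain_state;
+    bool allow_dynamic_state =
+        !(request_info_.load_flags & LOAD_DO_NOT_SEND_COOKIES) &&
+        CanGetCookies(CookieList());
     const URLRequestContext* context = request_->context();
-    const bool fatal = context->transport_security_state() &&
+    const bool fatal =
+        context->transport_security_state() &&
         context->transport_security_state()->GetDomainState(
             request_info_.url.host(),
             SSLConfigService::IsSNIAvailable(context->ssl_config_service()),
+            allow_dynamic_state,
             &domain_state) &&
         domain_state.ShouldSSLErrorsBeFatal();
     NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info, fatal);
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
     NotifyCertificateRequested(
         transaction_->GetResponseInfo()->cert_request_info.get());
   } else {
     NotifyStartError(URLRequestStatus(URLRequestStatus::FAILED, result));
   }
 }
@@ -1504,10 +1524,10 @@
 
 void URLRequestHttpJob::NotifyURLRequestDestroyed() {
   awaiting_callback_ = false;
 }
 
 void URLRequestHttpJob::OnDetachRequest() {
   http_transaction_delegate_->OnDetachRequest();
 }
 
 } // namespace net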
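Review bot: The cookie-policy gate added to ProcessStrictTransportSecurityHeader (new lines 798–804) and ProcessPublicKeyPinsHeader (new lines 828–834) is the same seven lines written twice, differing only in the HSTS/HPKP word of the comment, so the two persistence policies can silently drift apart the next time one is touched; a private helper that both functions call after their certificate-error check keeps them in lockstep (suggested name below is constructed and would also need a declaration in the class header). The read-side counterpart at new lines 912–914, which computes `allow_dynamic_state` from LOAD_DO_NOT_SEND_COOKIES and CanGetCookies, mirrors this condition and would benefit from a one-line comment stating why dynamic state is skipped there, e.g. `// Don't consult header-learned HSTS/HPKP state when cookies would not be sent, so it cannot act as a tracking channel.` The HSTS block also lacks the blank line before the draft-spec comment that the HPKP block has. ProcessStrictTransportSecurityHeader's signature and the function containing the certificate-error branch both begin before this section, so I can't see from the page whether `response_date_` is guaranteed to be set when these run.
```cpp
// Returns true when header-learned HSTS/HPKP state may be persisted for this
// request: the request must be allowed to save cookies, otherwise persisted
// transport-security state could be used as a tracking channel.
bool URLRequestHttpJob::CanPersistTransportSecurityState() {
  CookieOptions options;
  options.set_include_httponly();
  options.set_server_time(response_date_);
  return !(request_info_.load_flags & LOAD_DO_NOT_SAVE_COOKIES) &&
         CanSetCookie("", &options);
}

// … unchanged: certificate-error check in ProcessStrictTransportSecurityHeader
// and ProcessPublicKeyPinsHeader, then in each function: …
  if (!CanPersistTransportSecurityState())
    return;
```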