Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(273)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request_http_job.cc

Issue 19269012: Don't persist HPKP if PrivacyMode is enabled. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address codereview nit and fix compilation error in OFFICIAL_BUILD. Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/ssl_client_socket_nss.cc ('K') | « net/url_request/url_request.cc ('k') | net/url_request/url_request_test_util.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index dd11a1b6ef257cb3a35f580a18facc5e8acfebd0..6bfb5d2220585b4f9ff4b221738decc4b041aac4 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -795,6 +795,13 @@ void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
!security_state)
return;
+ CookieOptions options;
+ options.set_include_httponly();
+ options.set_server_time(response_date_);
+ // Don't persist HSTS if cookies are not saved to avoid tracking.
+ if ((request_info_.load_flags & LOAD_DO_NOT_SAVE_COOKIES) ||
+ !CanSetCookie("", &options))
+ return;
// http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec:
//
// If a UA receives more than one STS header field in a HTTP response
@@ -818,6 +825,14 @@ void URLRequestHttpJob::ProcessPublicKeyPinsHeader() {
!security_state)
return;
+ CookieOptions options;
+ options.set_include_httponly();
+ options.set_server_time(response_date_);
+ // Don't persist HPKP if cookies are not saved to avoid tracking.
+ if ((request_info_.load_flags & LOAD_DO_NOT_SAVE_COOKIES) ||
+ !CanSetCookie("", &options))
+ return;
+
// http://tools.ietf.org/html/draft-ietf-websec-key-pinning:
//
// If a UA receives more than one PKP header field in an HTTP
@@ -894,11 +909,16 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
// what we should do.
TransportSecurityState::DomainState domain_state;
+ bool allow_dynamic_state =
+ !(request_info_.load_flags & LOAD_DO_NOT_SEND_COOKIES) &&
+ CanGetCookies(CookieList());
const URLRequestContext* context = request_->context();
- const bool fatal = context->transport_security_state() &&
+ const bool fatal =
+ context->transport_security_state() &&
context->transport_security_state()->GetDomainState(
request_info_.url.host(),
SSLConfigService::IsSNIAvailable(context->ssl_config_service()),
+ allow_dynamic_state,
&domain_state) &&
domain_state.ShouldSSLErrorsBeFatal();
NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info, fatal);
« net/socket/ssl_client_socket_nss.cc ('K') | « net/url_request/url_request.cc ('k') | net/url_request/url_request_test_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698