// Copyright 2022 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/ssl/https_upgrades_interceptor.h" #include "base/functional/bind.h" #include "base/metrics/histogram_functions.h" #include "build/build_config.h" #include "build/buildflag.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/profiles/profile_manager.h" #include "chrome/browser/renderer_host/chrome_navigation_ui_data.h" #include "chrome/browser/ssl/https_first_mode_settings_tracker.h" #include "chrome/browser/ssl/https_only_mode_tab_helper.h" #include "chrome/browser/ssl/https_upgrades_util.h" #include "chrome/common/chrome_features.h" #include "chrome/common/pref_names.h" #include "components/captive_portal/core/buildflags.h" #include "components/content_settings/core/browser/content_settings_registry.h" #include "components/content_settings/core/browser/host_content_settings_map.h" #include "components/prefs/pref_service.h" #include "components/security_interstitials/content/stateful_ssl_host_state_delegate.h" #include "content/public/browser/navigation_entry.h" #include "content/public/browser/storage_partition.h" #include "content/public/browser/url_loader_request_interceptor.h" #include "content/public/browser/web_contents.h" #include "extensions/buildflags/buildflags.h" #include "mojo/public/cpp/bindings/callback_helpers.h" #include "mojo/public/cpp/bindings/pending_receiver.h" #include "mojo/public/cpp/bindings/pending_remote.h" #include "mojo/public/cpp/bindings/receiver.h" #include "mojo/public/cpp/bindings/remote.h" #include "mojo/public/cpp/system/data_pipe.h" #include "net/base/url_util.h" #include "net/http/http_status_code.h" #include "net/http/http_util.h" #include "net/url_request/redirect_info.h" #include "services/network/public/cpp/resource_request.h" #include "services/network/public/cpp/url_loader_completion_status.h" #include "services/network/public/mojom/network_context.mojom.h" #include "services/network/public/mojom/url_loader.mojom.h" #include "services/network/public/mojom/url_response_head.mojom.h" #include "ui/base/page_transition_types.h" #include "url/gurl.h" #include "url/url_constants.h" #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) #include "components/captive_portal/content/captive_portal_tab_helper.h" #endif #if BUILDFLAG(ENABLE_EXTENSIONS) #include "components/guest_view/browser/guest_view_base.h" #endif // BUILDFLAG(ENABLE_EXTENSIONS) RecordHttpsFirstModeNavigation; RecordNavigationRequestSecurityLevel; namespace { // Used to handle upgrading/fallback for tests using EmbeddedTestServer which // uses random ports. int g_https_port_for_testing = …; int g_http_port_for_testing = …; // Updates a URL to HTTPS. URLs with the default port will result in the HTTPS // URL using the default port 443. URLs with non-default ports won't have the // port changed. For tests, the HTTPS port used can be overridden with // HttpsUpgradesInterceptor::SetHttpsPortForTesting(). GURL UpgradeUrlToHttps(const GURL& url) { … } // Helper to configure an artificial redirect to `new_url`. This configures // `response_head` and returns a computed RedirectInfo so both can be passed to // URLLoaderClient::OnReceiveRedirect() to trigger the redirect. net::RedirectInfo SetupRedirect( const network::ResourceRequest& request, const GURL& new_url, network::mojom::URLResponseHead* response_head) { … } // Check whether the HTTP or HTTPS versions of the URL has "Insecure // Content" allowed in content settings. A user can manually specify hosts // or hostname patterns (e.g., [*.]example.com) in site settings. bool DoesInsecureContentSettingDisableUpgrading(const GURL& url, Profile* profile) { … } // Check for net errors that should not result in an HTTPS-First Mode // interstitial. These cover cases where the error is most likely related to the // local network conditions or a transient error, where it is more useful to // show the user a network error page than the HTTPS-First Mode interstitial. // (Or, in the case of HTTPS Upgrades, we don't want to fallback and allowlist // the hostname yet -- instead we want to show the network error page and then // retry the HTTPS upgrade again later.) bool IsHttpsFirstModeExemptedError(int error) { … } } // namespace RequestHandler; Event; NavigationRequestSecurityLevel; // static std::unique_ptr<HttpsUpgradesInterceptor> HttpsUpgradesInterceptor::MaybeCreateInterceptor( int frame_tree_node_id, content::NavigationUIData* navigation_ui_data) { … } HttpsUpgradesInterceptor::HttpsUpgradesInterceptor( int frame_tree_node_id, bool http_interstitial_enabled_by_pref, content::NavigationUIData* navigation_ui_data) : … { … } HttpsUpgradesInterceptor::~HttpsUpgradesInterceptor() = default; bool ShouldExcludeNavigationFromUpgrades( content::NavigationUIData* navigation_ui_data, content::WebContents* contents) { … } void HttpsUpgradesInterceptor::MaybeCreateLoader( const network::ResourceRequest& tentative_resource_request, content::BrowserContext* browser_context, content::URLLoaderRequestInterceptor::LoaderCallback callback) { … } void HttpsUpgradesInterceptor::MaybeCreateLoaderOnHstsQueryCompleted( const network::ResourceRequest& tentative_resource_request, content::URLLoaderRequestInterceptor::LoaderCallback callback, bool is_hsts_active_for_host) { … } bool HttpsUpgradesInterceptor::MaybeCreateLoaderForResponse( const network::URLLoaderCompletionStatus& status, const network::ResourceRequest& request, network::mojom::URLResponseHeadPtr* response_head, mojo::ScopedDataPipeConsumerHandle* response_body, mojo::PendingRemote<network::mojom::URLLoader>* loader, mojo::PendingReceiver<network::mojom::URLLoaderClient>* client_receiver, blink::ThrottlingURLLoader* url_loader) { … } // static void HttpsUpgradesInterceptor::SetHttpsPortForTesting(int port) { … } // static void HttpsUpgradesInterceptor::SetHttpPortForTesting(int port) { … } // static int HttpsUpgradesInterceptor::GetHttpsPortForTesting() { … } // static int HttpsUpgradesInterceptor::GetHttpPortForTesting() { … } RequestHandler HttpsUpgradesInterceptor::CreateRedirectHandler( const GURL& new_url) { … } void HttpsUpgradesInterceptor::RedirectHandler( const GURL& new_url, const network::ResourceRequest& request, mojo::PendingReceiver<network::mojom::URLLoader> receiver, mojo::PendingRemote<network::mojom::URLLoaderClient> client) { … } void HttpsUpgradesInterceptor::OnConnectionClosed() { … }
Codebase Browser
chromium