diff options
| author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-12-15 09:01:33 +0000 |
|---|---|---|
| committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-12-15 09:01:33 +0000 |
| commit | 4ed2755fa534075e250bb8ed5f909b753fa777fc (patch) | |
| tree | e502cf862870f744c8eaba40db2b5306873680f5 | |
| parent | 554c6eff8a5fabf281ca314293fbec2f23f8311d (diff) | |
| download | chromium_src-4ed2755fa534075e250bb8ed5f909b753fa777fc.zip chromium_src-4ed2755fa534075e250bb8ed5f909b753fa777fc.tar.gz chromium_src-4ed2755fa534075e250bb8ed5f909b753fa777fc.tar.bz2 | |
Command line switch for the ultra security concious: --force-https!
If you set this switch, the browser refuses to talk HTTP and refuses to permit certificate errors. For best results, use with a dedicated profile.
R=jar
Review URL: http://codereview.chromium.org/14421
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6979 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | base/base_switches.cc | 3 | ||||
| -rw-r--r-- | base/base_switches.h | 1 | ||||
| -rw-r--r-- | net/url_request/url_request_http_job.cc | 12 |
3 files changed, 15 insertions, 1 deletions
diff --git a/base/base_switches.cc b/base/base_switches.cc index d05d8f4..c9d65cb0f 100644 --- a/base/base_switches.cc +++ b/base/base_switches.cc @@ -30,5 +30,8 @@ const wchar_t kProcessType[] = L"type"; // Enable DCHECKs in release mode. const wchar_t kEnableDCHECK[] = L"enable-dcheck"; +// Refuse to make HTTP connections and refuse to accept certificate errors. +const wchar_t kForceHTTPS[] = L"force-https"; + } // namespace switches diff --git a/base/base_switches.h b/base/base_switches.h index 31879a1..79f9e2b 100644 --- a/base/base_switches.h +++ b/base/base_switches.h @@ -16,6 +16,7 @@ extern const wchar_t kFullMemoryCrashReport[]; extern const wchar_t kNoErrorDialogs[]; extern const wchar_t kProcessType[]; extern const wchar_t kEnableDCHECK[]; +extern const wchar_t kForceHTTPS[]; } // namespace switches diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc index ca28e7c..3cfb5709 100644 --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -4,6 +4,8 @@ #include "net/url_request/url_request_http_job.h" +#include "base/base_switches.h" +#include "base/command_line.h" #include "base/compiler_specific.h" #include "base/file_util.h" #include "base/file_version_info.h" @@ -37,6 +39,13 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request, return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT); } + // We cache the value of the switch because this code path is hit on every + // network request. + static const bool kForceHTTPS = + CommandLine().HasSwitch(switches::kForceHTTPS); + if (kForceHTTPS && scheme != "https") + return new URLRequestErrorJob(request, net::ERR_DISALLOWED_URL_SCHEME); + return new URLRequestHttpJob(request); } @@ -375,7 +384,8 @@ void URLRequestHttpJob::OnStartCompleted(int result) { if (result == net::OK) { NotifyHeadersComplete(); - } else if (net::IsCertificateError(result)) { + } else if (net::IsCertificateError(result) && + !CommandLine().HasSwitch(switches::kForceHTTPS)) { // We encountered an SSL certificate error. Ask our delegate to decide // what we should do. // TODO(wtc): also pass ssl_info.cert_status, or just pass the whole |