diff options
| author | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-27 19:38:03 +0000 |
|---|---|---|
| committer | palmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-27 19:38:03 +0000 |
| commit | 243887b36ec8b3ac78c72b3327efee75886f4997 (patch) | |
| tree | f70729d096fd7b1917c0f0c0ff0fec55c4fa91b8 | |
| parent | 9d0f20307e9d9aac09a3eb2f87cecc92c67e9476 (diff) | |
| download | chromium_src-243887b36ec8b3ac78c72b3327efee75886f4997.zip chromium_src-243887b36ec8b3ac78c72b3327efee75886f4997.tar.gz chromium_src-243887b36ec8b3ac78c72b3327efee75886f4997.tar.bz2 | |
Simple change to simplify TransportSecurityState.
Remove two no-op (i.e. always true) boolean functions, each of which was
only used once. Having a DomainState at all is equivalent to having a
DomainState and ShouldCertificateErrorsBeFatal /
ShouldMixedScriptingBeBlocked.
The reason to simplify TransportSecurityState is that agl and I want to
re-factor this class because it is getting too confusing. Doing some
straightforward clean-up now will help accelerate the real re-factoring.
Review URL: http://codereview.chromium.org/9019034
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@115839 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc | 3 | ||||
| -rw-r--r-- | net/base/transport_security_state.cc | 10 | ||||
| -rw-r--r-- | net/base/transport_security_state.h | 10 | ||||
| -rw-r--r-- | net/url_request/url_request_http_job.cc | 3 |
4 files changed, 2 insertions, 24 deletions
diff --git a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc index ab72c1b..b7426c4 100644 --- a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc +++ b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc @@ -330,8 +330,7 @@ void ChromeResourceDispatcherHostDelegate::OnResponseStarted( bool has_sni = net::SSLConfigService::IsSNIAvailable( context->ssl_config_service()); if (state->GetDomainState( - &domain_state, request->url().host(), has_sni) && - domain_state.ShouldMixedScriptingBeBlocked()) { + &domain_state, request->url().host(), has_sni)) { filter->Send(new ChromeViewMsg_AddStrictSecurityHost( info->route_id(), request->url().host())); } diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc index dc72239..23ecd98 100644 --- a/net/base/transport_security_state.cc +++ b/net/base/transport_security_state.cc @@ -1389,19 +1389,9 @@ bool TransportSecurityState::DomainState::IsChainOfPublicKeysPermitted( return false; } -bool TransportSecurityState::DomainState::ShouldCertificateErrorsBeFatal() - const { - return true; -} - bool TransportSecurityState::DomainState::ShouldRedirectHTTPToHTTPS() const { return mode == MODE_STRICT; } -bool TransportSecurityState::DomainState::ShouldMixedScriptingBeBlocked() - const { - return true; -} - } // namespace diff --git a/net/base/transport_security_state.h b/net/base/transport_security_state.h index 01c095b..7ff4a2f 100644 --- a/net/base/transport_security_state.h +++ b/net/base/transport_security_state.h @@ -76,20 +76,10 @@ class NET_EXPORT TransportSecurityState bool IsChainOfPublicKeysPermitted( const std::vector<SHA1Fingerprint>& hashes); - // ShouldCertificateErrorsBeFatal returns true iff, given the |mode| of this - // DomainState, certificate errors on this domain should be fatal (i.e. no - // user bypass). - bool ShouldCertificateErrorsBeFatal() const; - // ShouldRedirectHTTPToHTTPS returns true iff, given the |mode| of this // DomainState, HTTP requests should be internally redirected to HTTPS. bool ShouldRedirectHTTPToHTTPS() const; - // ShouldMixedScriptingBeBlocked returns true iff, given the |mode| of this - // DomainState, mixed scripting (the loading of Javascript, CSS or plugins - // over HTTP for an HTTPS page) should be blocked. - bool ShouldMixedScriptingBeBlocked() const; - Mode mode; base::Time created; // when this host entry was first created base::Time expiry; // the absolute time (UTC) when this record expires diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc index de9a044..5b6b986f 100644 --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -701,8 +701,7 @@ void URLRequestHttpJob::OnStartCompleted(int result) { context_->transport_security_state() && context_->transport_security_state()->GetDomainState( &domain_state, request_info_.url.host(), - SSLConfigService::IsSNIAvailable(context_->ssl_config_service())) && - domain_state.ShouldCertificateErrorsBeFatal(); + SSLConfigService::IsSNIAvailable(context_->ssl_config_service())); NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info, is_hsts_host); } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |