diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-10 18:35:16 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-10 18:35:16 +0000 |
| commit | 90b15301bced121bee671159f826b7917ac89afb (patch) | |
| tree | 3476fd1e996da8fa7930e0d36c0c1e6474be7354 | |
| parent | 6b60f1d102f4f41adfc00c32316b0b3e3ef7f1d4 (diff) | |
| download | chromium_src-90b15301bced121bee671159f826b7917ac89afb.zip chromium_src-90b15301bced121bee671159f826b7917ac89afb.tar.gz chromium_src-90b15301bced121bee671159f826b7917ac89afb.tar.bz2 | |
Strict transport security: come out from behind the flag.
With this change, Strict Transport Security is active by default and
doesn't need the --force-https flag any more.
http://codereview.chromium.org/193067
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25888 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | base/base_switches.cc | 10 | ||||
| -rw-r--r-- | base/base_switches.h | 1 | ||||
| -rw-r--r-- | net/url_request/url_request_http_job.cc | 14 |
3 files changed, 1 insertions, 24 deletions
diff --git a/base/base_switches.cc b/base/base_switches.cc index 900f217..b13517a 100644 --- a/base/base_switches.cc +++ b/base/base_switches.cc @@ -34,14 +34,4 @@ const wchar_t kEnableDCHECK[] = L"enable-dcheck"; // scripts that do not have a user interface. const wchar_t kNoMessageBox[] = L"no-message-box"; -// Refuse to make HTTP connections and refuse to accept certificate errors. -// For more information about the design of this feature, please see -// -// ForceHTTPS: Protecting High-Security Web Sites from Network Attacks -// Collin Jackson and Adam Barth -// In Proc. of the 17th International World Wide Web Conference (WWW 2008) -// -// Available at http://www.adambarth.com/papers/2008/jackson-barth.pdf -const wchar_t kForceHTTPS[] = L"force-https"; - } // namespace switches diff --git a/base/base_switches.h b/base/base_switches.h index 34c0b0ea..e708ee4 100644 --- a/base/base_switches.h +++ b/base/base_switches.h @@ -17,7 +17,6 @@ extern const wchar_t kNoErrorDialogs[]; extern const wchar_t kProcessType[]; extern const wchar_t kEnableDCHECK[]; extern const wchar_t kNoMessageBox[]; -extern const wchar_t kForceHTTPS[]; } // namespace switches diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc index ada4ad1..8d71b36 100644 --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -46,11 +46,7 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request, return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT); } - // We cache the value of the switch because this code path is hit on every - // network request. - static const bool kForceHTTPS = - CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS); - if (kForceHTTPS && scheme == "http" && + if (scheme == "http" && request->context()->strict_transport_security_state() && request->context()->strict_transport_security_state()->IsEnabledForHost( request->url().host())) { @@ -486,10 +482,6 @@ bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) { if (!net::IsCertificateError(result)) return false; - // Hide the fancy processing behind a command line switch. - if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS)) - return true; - // Check whether our context is using Strict-Transport-Security. if (!context_->strict_transport_security_state()) return true; @@ -698,10 +690,6 @@ void URLRequestHttpJob::FetchResponseCookies() { void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { DCHECK(response_info_); - // Hide processing behind a command line flag. - if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS)) - return; - // Only process Strict-Transport-Security from HTTPS responses. if (request_info_.url.scheme() != "https") return; |