diff options
Diffstat (limited to 'net/url_request/url_request_http_job.cc')
| -rw-r--r-- | net/url_request/url_request_http_job.cc | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc index 39a4a41..ccc38d5 100644 --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -404,6 +404,7 @@ void URLRequestHttpJob::NotifyHeadersComplete() { // The ordering of these calls is not important. ProcessStrictTransportSecurityHeader(); ProcessPublicKeyPinsHeader(); + ProcessExpectCTHeader(); // Handle the server notification of a new SDCH dictionary. SdchManager* sdch_manager(request()->context()->sdch_manager()); @@ -904,6 +905,28 @@ void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { } } +void URLRequestHttpJob::ProcessExpectCTHeader() { + DCHECK(response_info_); + TransportSecurityState* security_state = + request_->context()->transport_security_state(); + const SSLInfo& ssl_info = response_info_->ssl_info; + + // Only accept Expect CT headers on HTTPS connections that have no + // certificate errors. + if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || + !security_state) { + return; + } + + // Only process the first Expect-CT header value. + HttpResponseHeaders* headers = GetResponseHeaders(); + std::string value; + if (headers->EnumerateHeader(nullptr, "Expect-CT", &value)) { + security_state->ProcessExpectCTHeader( + value, HostPortPair::FromURL(request_info_.url), ssl_info); + } +} + void URLRequestHttpJob::OnStartCompleted(int result) { RecordTimer(); |