From 8f7320ed810cf0409aadae175d42463fdaebe1ab Mon Sep 17 00:00:00 2001 From: "cevans@chromium.org" Date: Wed, 4 May 2011 16:05:43 +0000 Subject: Canary HSTS for mail.google.com, based on enthusiastic support to try. Review URL: http://codereview.chromium.org/6907015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84070 0039d316-1c4b-4281-b951-d872f2087c98 --- net/base/transport_security_state.cc | 3 --- net/base/transport_security_state_unittest.cc | 12 ++++++++---- 2 files changed, 8 insertions(+), 7 deletions(-) (limited to 'net') diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc index 1a62669..1aab472b 100644 --- a/net/base/transport_security_state.cc +++ b/net/base/transport_security_state.cc @@ -592,10 +592,7 @@ bool TransportSecurityState::IsPreloadedSTS( {22, true, "\011encrypted\006google\003com", true, kGoogleAcceptableCerts }, {21, true, "\010accounts\006google\003com", true, kGoogleAcceptableCerts }, {21, true, "\010profiles\006google\003com", true, kGoogleAcceptableCerts }, -#if defined(OS_CHROMEOS) - // TODO(cevans) - unify this with Chrome. {17, true, "\004mail\006google\003com", true, kGoogleAcceptableCerts }, -#endif // Other Google-related domains that must use HTTPS. {20, true, "\006market\007android\003com", true, kGoogleAcceptableCerts }, {26, true, "\003ssl\020google-analytics\003com", true, diff --git a/net/base/transport_security_state_unittest.cc b/net/base/transport_security_state_unittest.cc index ebc2f7c..a8a3cafb 100644 --- a/net/base/transport_security_state_unittest.cc +++ b/net/base/transport_security_state_unittest.cc @@ -490,6 +490,10 @@ TEST_F(TransportSecurityStateTest, Preloaded) { EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "profiles.google.com", true)); + EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "mail.google.com", true)); + EXPECT_TRUE(state->IsEnabledForHost(&domain_state, + "chatenabled.mail.google.com", + true)); EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "entropia.de", true)); EXPECT_TRUE(state->IsEnabledForHost(&domain_state, "www.entropia.de", true)); @@ -633,6 +637,10 @@ TEST_F(TransportSecurityStateTest, BuiltinCertPins) { EXPECT_TRUE(state->HasPinsForHost(&domain_state, "profiles.google.com", true)); + EXPECT_TRUE(state->HasPinsForHost(&domain_state, "mail.google.com", true)); + EXPECT_TRUE(state->HasPinsForHost(&domain_state, + "chatenabled.mail.google.com", + true)); EXPECT_TRUE(state->HasPinsForHost(&domain_state, "ssl.gstatic.com", true)); EXPECT_TRUE(state->HasPinsForHost(&domain_state, "ssl.google-analytics.com", @@ -656,10 +664,6 @@ TEST_F(TransportSecurityStateTest, OptionalHSTSCertPins) { EXPECT_TRUE(state->HasPinsForHost(&domain_state, "www.google-analytics.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, "mail.google.com", true)); - EXPECT_TRUE(state->HasPinsForHost(&domain_state, - "chatenabled.mail.google.com", - true)); EXPECT_TRUE(state->HasPinsForHost(&domain_state, "google.com", true)); EXPECT_TRUE(state->HasPinsForHost(&domain_state, "www.google.com", true)); EXPECT_TRUE(state->HasPinsForHost(&domain_state, -- cgit v1.1