commit | 0e9ad4e93bec5760b73e6a66fe904c29083be81c | [log] [tgz] |
---|---|---|
author | Lukasz Anforowicz <lukasza@chromium.org> | Thu Mar 14 20:03:47 2019 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Mar 14 20:03:47 2019 |
tree | db8413efdfb1600bd302e7616f1a6b172dc8415a | |
parent | d499702fc9c08a1d43ec860af758f42ea0508435 [diff] |
Move IsOriginSecure from //content/public to //services/network/public. This CL moves the code behind content::IsOriginSecure from //content/common/origin_util.cc into //services/network/public/cpp. Having this functionality in the //services/network layer will help develop //services/network features (like Sec-Fetch-Site header) which can't depend on //content layer. content::IsOriginSecure after this CL mostly just forwards the calls to the new network::IsUrlPotentiallyTrustworthy: *) Behavior of blob: and data: URLs is preserved to minimize changes in this CL. These schemes will be made spec-compliant in follow-up CLs (the new network::IsUrlPotentiallyTrustworthy already agrees with the spec). *) url::GetLocalSchemes are now considered secure (for consistency with content::IsPotentiallyTrustworthyOrigin). By default this only covers file: URLs, but //chrome layer also adds externalfile: scheme on CrOS and content: scheme on Android. *) There are no other intended changes in behavior (unit tests have been added for about:, blob:, data: and javascript: URLs). content::IsPotentiallyTrustworthyOrigin after this CL just forwards the calls to the new network::IsOriginPotentiallyTrustworthy: *) data: URLs behave the same (are considered insecure) before and after the CL (since unique |origin| would be considered insecure before this CL + it would also be caught by url::GetNoAccessSchemes check). *) Note that removing url::GetNoAccessSchemes check doesn't change any behavior, because such schemes result in opaque origins. *) Overall there are no intended changes in behavior (unit tests have been added for about:, data: and javascript: URLs). Bug: 937451 Change-Id: I6be8b9c7a0197fa64e1574f250964732d704fb86 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1492935 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Eugene But <eugenebut@chromium.org> Commit-Queue: Ćukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#640889}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .