Google Git
Sign in
chromium / chromium / src / e2aea293a2a2f3d35708d6853e7cdd2058869ea6
commite2aea293a2a2f3d35708d6853e7cdd2058869ea6[log] [tgz]
authorJoe DeBlasio <jdeblasio@chromium.org>Tue Nov 14 20:00:23 2023
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Nov 14 20:00:23 2023
treed4b8162b722f5cce983b29a3cb6a5da89757b911
parent7d630fef6b79bb3f32b9ab59931664d5c841df85 [diff]
Add HSTS protection metrics to main-frame navigations

This CL records, for each top-level navigation, whether the navigation
is protected by HSTS or not, and whether it's currently using HTTPS or
not. (HTTP requests to hostnames protected by HSTS are internally
redirected shortly after this metric is recorded.)

This gives us some insight into the practical adoption of HSTS (not just
preloading), and thus is correlated with the risk of downgrade and
HTTPS- stripping attacks on hosts.

This metric isn't perfect, since even without HSTS, not all HTTPS
navigations are eligible to be downgraded. If the user navigates
explicitly to the HTTPS page, e.g. by clicking a HTTPS link on a
(HTTPS-protected) site, or choosing a bookmark that uses HTTPS, a
network attacker can't easily downgrade to HTTP. We're partly addressing
that limitation with additional metrics (in the omnibox and HTTPS
upgrading logic), but this metric gives us easiest access to HSTS status
of HTTPS-protected pages, so it has some unique value.

As implemented, this metric takes advantage of a layering violation
wherein stuff in net/ can see if an HTTP request is for a main frame
navigation. That's officially deprecated, and there was a dream to
remove the ability in crbug.com/516499, but that bug has been WontFix'd,
and I expect this metric to be temporary and removable before that work
is picked back up. So shame on me for the layering violation, but it
should be pretty harmless.

Bug: 1501170
Change-Id: I77f84079867fdf62a1c3450ce528a030a3a6f555
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5021059
Commit-Queue: David Schinazi <dschinazi@chromium.org>
Reviewed-by: David Schinazi <dschinazi@chromium.org>
Commit-Queue: Joe DeBlasio <jdeblasio@chromium.org>
Auto-Submit: Joe DeBlasio <jdeblasio@chromium.org>
Reviewed-by: David Schinazi <dschinazi@google.com>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1224488}
3 files changed
tree: d4b8162b722f5cce983b29a3cb6a5da89757b911
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. webkit/
  51. clank
  52. internal
  53. ios_internal
  54. native_client
  55. signing_keys
  56. v8
  57. .clang-format
  58. .clang-tidy
  59. .eslintrc.js
  60. .git-blame-ignore-revs
  61. .gitattributes
  62. .gitignore
  63. .gitmodules
  64. .gn
  65. .mailmap
  66. .rustfmt.toml
  67. .vpython3
  68. .yapfignore
  69. ATL_OWNERS
  70. AUTHORS
  71. BUILD.gn
  72. CODE_OF_CONDUCT.md
  73. codereview.settings
  74. DEPS
  75. DIR_METADATA
  76. LICENSE
  77. LICENSE.chromium_os
  78. OWNERS
  79. PRESUBMIT.py
  80. PRESUBMIT_test.py
  81. PRESUBMIT_test_mocks.py
  82. README.md
  83. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.