Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 7 users
Status: Fixed
Owner:
(OOO until 16th)
Closed: Oct 2015
Cc:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Launch-OWP
Launch-Accessibility: ----
Launch-Legal: ----
Launch-M-Approved: ----
Launch-M-Target: ----
Launch-Privacy: ----
Launch-Security: ----
Launch-Status: ----
Launch-Test: ----
Launch-UI: ----
Product-Review: ----



Sign in to add a comment
Upgrading insecure resource requests.
Project Member Reported by mkwst@chromium.org, Feb 5 2015 Back to list
Change description:
Defines a mechanism which allows authors to instruct a user agent to upgrade a priori insecure resource requests to secure transport before Fetching them.

Changes to API surface:
Adds a new CSP directive, `upgrade-insecure-resources`, which triggers the behavior.

Links:
Public standards discussion: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0037.html
Spec: https://w3c.github.io/webappsec/specs/upgrade/

Support in other browsers:
None. It's been floated on WebAppSec, but totally isn't official yet.
 
Project Member Comment 1 by bugdroid1@chromium.org, Feb 6 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=189646

------------------------------------------------------------------
r189646 | mkwst@chromium.org | 2015-02-06T14:19:35.587329Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/core.gypi?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/modules/websockets/DOMWebSocket.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/modules/websockets/DOMWebSocketTest.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcherTest.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.h?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.h?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SecurityContext.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.h?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/CSPDirectiveList.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SecurityContext.h?r1=189646&r2=189645&pathrev=189646
   A http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicyTest.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/CSPDirectiveList.h?r1=189646&r2=189645&pathrev=189646
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicy.h?r1=189646&r2=189645&pathrev=189646

CSP: Adding the 'upgrade-insecure-requests' directive.

This is an initial implementation of the upgrade mechanism specified
in https://w3c.github.io/webappsec/specs/upgrade/. We don't have
layout tests, as the upgrade intentionally doesn't touch the port,
and we use excitingly interesting ports like 8080 and 8443, which
mean that the resources won't load even after upgrade.

Test coverage is provided by unit tests which verify that CSP sets
the InsecureContentPolicy is correctly set for a document based on
a given policy, and that RequestFetcher and DOMWebSocket use that
policy information to upgrade URLs.

The new directive is behind the "experimental csp features" flag,
and is nowhere near shipping.

Intent to Implement: https://groups.google.com/a/chromium.org/d/msg/blink-dev/rjeFL53OV4I/_NvMh0_qsWEJ

BUG= 455674 

Review URL: https://codereview.chromium.org/901903003
-----------------------------------------------------------------
Project Member Comment 2 by bugdroid1@chromium.org, Feb 6 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=189650

------------------------------------------------------------------
r189650 | sigbjornf@opera.com | 2015-02-06T15:43:50.153411Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcherTest.cpp?r1=189650&r2=189649&pathrev=189650

Oilpan: fix build after r189646 (28249fcb).

TBR=oilpan-reviews
BUG= 455674 
NOTRY=true

Review URL: https://codereview.chromium.org/904053002
-----------------------------------------------------------------
Project Member Comment 3 by bugdroid1@chromium.org, Feb 7 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=189738

------------------------------------------------------------------
r189738 | mkwst@chromium.org | 2015-02-07T05:53:27.292458Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.cpp?r1=189738&r2=189737&pathrev=189738
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcherTest.cpp?r1=189738&r2=189737&pathrev=189738

Upgrade: Adjust behavior based on request's FrameType and Context.

See step 1.* of https://w3c.github.io/webappsec/specs/upgrade/#upgrade-request.
We only upgrade requests with certain properties, this CL makes that
adjustment.

BUG= 455674 
R=yoav@yoav.ws

Review URL: https://codereview.chromium.org/908513002
-----------------------------------------------------------------
Project Member Comment 4 by bugdroid1@chromium.org, Feb 17 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=190341

------------------------------------------------------------------
r190341 | mkwst@chromium.org | 2015-02-17T18:15:15.695412Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.cpp?r1=190341&r2=190340&pathrev=190341
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcherTest.cpp?r1=190341&r2=190340&pathrev=190341
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.h?r1=190341&r2=190340&pathrev=190341

Upgrade: Send a 'Prefer' header for feature detection.

As defined in https://w3c.github.io/webappsec/specs/upgrade/#feature-detect,
this patch adds a 'return=secure-representation' preference to outgoing
insecure and navigational requests.

BUG= 455674 
R=yoav@yoav.ws

Review URL: https://codereview.chromium.org/930323002
-----------------------------------------------------------------
Comment 5 by mkwst@chromium.org, Mar 5 2015
Labels: -OWP-Standards-UnofficialSpec OWP-Standards-OfficialSpec
Published an FPWD: http://www.w3.org/TR/upgrade-insecure-requests/
Project Member Comment 7 by bugdroid1@chromium.org, Mar 5 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=191367

------------------------------------------------------------------
r191367 | mkwst@chromium.org | 2015-03-05T15:43:36.744116Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SecurityContext.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.h?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/CSPDirectiveList.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SecurityContext.h?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicyTest.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/CSPDirectiveList.h?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicy.h?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/modules/websockets/DOMWebSocket.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/modules/websockets/DOMWebSocketTest.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcherTest.cpp?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.h?r1=191367&r2=191366&pathrev=191367
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.cpp?r1=191367&r2=191366&pathrev=191367

Rename InsecureContentPolicy to InsecureRequestsPolicy.

After https://github.com/w3c/webappsec/commit/fcee68e71a37cce3585245e9722b906eaaf0b0e6,
we're now consistently naming things between the spec and this implementation.

BUG= 455674 

Review URL: https://codereview.chromium.org/980213002
-----------------------------------------------------------------
Project Member Comment 8 by bugdroid1@chromium.org, Mar 6 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=191421

------------------------------------------------------------------
r191421 | mkwst@chromium.org | 2015-03-06T10:26:18.939519Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.cpp?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SecurityContext.h?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.cpp?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.cpp?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcherTest.cpp?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicyTest.cpp?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.h?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.cpp?r1=191421&r2=191420&pathrev=191421
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.h?r1=191421&r2=191420&pathrev=191421

Upgrade insecure requests: Pipe navigational hosts down into nested documents.

After [1], we need to track hosts (including ancestor hosts) that have
set the 'upgrade-insecure-requests' directive in their respective policies
in order to correctly upgrade navigational requests to one of those
hosts.

This patch adds a 'HashSet<unsigned>' to SecurityContext that holds the
hashes of the hosts which have opted-into such treatment, ensures that
the set is correctly populated when creating a Document or applying a
policy, and uses the set to make decisions about navigational upgrades
inside ResourceFetcher.

[1]: ttps://github.com/w3c/webappsec/commit/f947b75e9b906c53d0bd6e66ca59b60bfe0aa20e

BUG= 455674 

Review URL: https://codereview.chromium.org/978323002
-----------------------------------------------------------------
Project Member Comment 9 by bugdroid1@chromium.org, Mar 10 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=191650

------------------------------------------------------------------
r191650 | mkwst@chromium.org | 2015-03-10T18:56:29.460352Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.cpp?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcher.cpp?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/fetch/ResourceFetcherTest.cpp?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicyTest.cpp?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.h?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.cpp?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.h?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.cpp?r1=191650&r2=191649&pathrev=191650
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SecurityContext.h?r1=191650&r2=191649&pathrev=191650

Revert of Upgrade insecure requests: Pipe navigational hosts down into nested documents. (patchset #1 id:1 of https://codereview.chromium.org/978323002/)

Reason for revert:
Speculative revert to see if things stop crashing. :)

BUG=465497

Original issue's description:
> Upgrade insecure requests: Pipe navigational hosts down into nested documents.
> 
> After [1], we need to track hosts (including ancestor hosts) that have
> set the 'upgrade-insecure-requests' directive in their respective policies
> in order to correctly upgrade navigational requests to one of those
> hosts.
> 
> This patch adds a 'HashSet<unsigned>' to SecurityContext that holds the
> hashes of the hosts which have opted-into such treatment, ensures that
> the set is correctly populated when creating a Document or applying a
> policy, and uses the set to make decisions about navigational upgrades
> inside ResourceFetcher.
> 
> [1]: ttps://github.com/w3c/webappsec/commit/f947b75e9b906c53d0bd6e66ca59b60bfe0aa20e
> 
> BUG= 455674 
> 
> Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=191421

TBR=yoav@yoav.ws
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 455674 

Review URL: https://codereview.chromium.org/999473002
-----------------------------------------------------------------
Project Member Comment 10 by bugdroid1@chromium.org, Mar 20 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=192074

------------------------------------------------------------------
r192074 | mkwst@chromium.org | 2015-03-18T09:14:30.502477Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContext.cpp?r1=192074&r2=192073&pathrev=192074
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContextTest.cpp?r1=192074&r2=192073&pathrev=192074

Upgrade: Add 'Upgraded' header, update 'Prefer' value.

This patch updates our 'Upgrade Insecure Requests' implementation to
match two spec changes:

* [1] renamed the 'return=secure-representation' preference to 'tls'
  (after first renaming it to 'https' in [2]).

* [3] added the 'Upgraded' request header to signal upgraded requests,
  detailed at [4].

[1]: https://github.com/w3c/webappsec/commit/29d07a99aebebd02f40a2daa9feb8425c36c5c21
[2]: https://github.com/w3c/webappsec/commit/a0aa404a84a0eca2040246fcd805980461d327ae
[3]: https://github.com/w3c/webappsec/commit/05e5358eddcce3981a9f1afc5ff31bebc568cfb4
[4]: https://w3c.github.io/webappsec/specs/upgrade/#upgraded-header-field

BUG= 455674 

Review URL: https://codereview.chromium.org/1011083003
-----------------------------------------------------------------
Project Member Comment 11 by bugdroid1@chromium.org, Mar 20 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=192082

------------------------------------------------------------------
r192082 | mkwst@chromium.org | 2015-03-18T12:23:43.771063Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.h?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.cpp?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameLoader.h?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/Document.cpp?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContext.cpp?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContextTest.cpp?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/SecurityContext.h?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/dom/DocumentInit.cpp?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicy.cpp?r1=192082&r2=192081&pathrev=192082
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicyTest.cpp?r1=192082&r2=192081&pathrev=192082

Upgrade insecure requests: Pipe navigational hosts down into nested documents.

After [1], we need to track hosts (including ancestor hosts) that have
set the 'upgrade-insecure-requests' directive in their respective policies
in order to correctly upgrade navigational requests to one of those
hosts.

This patch adds a 'HashSet<unsigned>' to SecurityContext that holds the
hashes of the hosts which have opted-into such treatment, ensures that
the set is correctly populated when creating a Document or applying a
policy, and uses the set to make decisions about navigational upgrades
inside ResourceFetcher.

[1]: https://github.com/w3c/webappsec/commit/f947b75e9b906c53d0bd6e66ca59b60bfe0aa20e

-----------------------------------------------------------------------
This relands  https://src.chromium.org/viewvc/blink?view=rev&revision=191421
which was reverted to fix crashes tracked in https://crbug.com/465497.
These crashes turned out to be a different patch's fault, but I've added
a few null checks anyway, as Yoav correctly noted that they were missing.
-----------------------------------------------------------------------


BUG= 455674 

Review URL: https://codereview.chromium.org/1010893003
-----------------------------------------------------------------
Project Member Comment 12 by bugdroid1@chromium.org, Mar 20 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=192260

------------------------------------------------------------------
r192260 | mkwst@chromium.org | 2015-03-20T16:01:19.965399Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContext.cpp?r1=192260&r2=192259&pathrev=192260
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContextTest.cpp?r1=192260&r2=192259&pathrev=192260

Upgrade: Drop the 'upgraded' signal, expand the 'https' signal.

Based on further conversation, we're dropping the 'Upgraded' header
entirely, and expanding the 'HTTPS' header (nee 'Prefer: tls') to
cover hosts that haven't opted-into preloadable HSTS[1].

[1]: https://github.com/w3c/webappsec/commit/f8a1183b014697c918e26c80df0523a977dc3a9e

BUG= 455674 

Review URL: https://codereview.chromium.org/1022093002
-----------------------------------------------------------------
Comment 13 by mkwst@chromium.org, Mar 23 2015
Labels: M-43
Cc: lgar...@chromium.org
Project Member Comment 15 by bugdroid1@chromium.org, Mar 31 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=192493

------------------------------------------------------------------
r192493 | mkwst@chromium.org | 2015-03-25T05:33:12.288301Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/CSPDirectiveList.cpp?r1=192493&r2=192492&pathrev=192493
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/loader/FrameFetchContext.cpp?r1=192493&r2=192492&pathrev=192493
   M http://src.chromium.org/viewvc/blink/trunk/Source/core/frame/csp/ContentSecurityPolicyTest.cpp?r1=192493&r2=192492&pathrev=192493

Ship "Upgrade Insecure Requests".

This patch makes no functional changes, it simply removes the runtime
guards in both CSP and FrameFetchContext in order to enable the upgrade
insecure requests behavior by default.

Intent to Ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/BDHLrC8UM-Y/amTCDlWJnk8J

BUG= 455674 

Review URL: https://codereview.chromium.org/1032473002
-----------------------------------------------------------------
Project Member Comment 17 by bugdroid1@chromium.org, Mar 31 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=192607

------------------------------------------------------------------
r192607 | mkwst@chromium.org | 2015-03-26T14:14:58.081178Z

Changed paths:
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests?r1=192607&r2=192606&pathrev=192607
   A http://src.chromium.org/viewvc/blink/trunk/LayoutTests/http/tests/security/upgrade-insecure-requests/basic-upgrade.https.html?r1=192607&r2=192606&pathrev=192607

Upgrade: Add a simple end-to-end test.

I realized today that I can indeed add some layout tests for UPGRADE, as
the port will be left alone if it's non-standard. This patch adds a
simple test that verifies that images are upgraded and have the same
cross-origin semantics as redirected images.

BUG= 455674 

Review URL: https://codereview.chromium.org/1031993003
-----------------------------------------------------------------
Project Member Comment 18 by bugdroid1@chromium.org, Mar 31 2015
The following revision refers to this bug:
  http://src.chromium.org/viewvc/blink?view=rev&rev=192689

------------------------------------------------------------------
r192689 | mkwst@chromium.org | 2015-03-27T16:56:29.060314Z

Changed paths:
   M http://src.chromium.org/viewvc/blink/trunk/Source/modules/websockets/DOMWebSocket.cpp?r1=192689&r2=192688&pathrev=192689

Upgrade: Measure websocket upgrades as well as other subresources.

I missed WebSockets in https://codereview.chromium.org/1035683003.

BUG= 455674 
R=yoav@yoav.ws

Review URL: https://codereview.chromium.org/1033243003
-----------------------------------------------------------------
Status: Fixed
Comment 20 Deleted
Comment 21 Deleted
Sign in to add a comment