Strict transport security: come out from behind the flag.

With this change, Strict Transport Security is active by default and doesn't need the --force-https flag any more. http://codereview.chromium.org/193067 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25888 0039d316-1c4b-4281-b951-d872f2087c98

Strict transport security: come out from behind the flag.
With this change, Strict Transport Security is active by default and doesn't need the --force-https flag any more. http://codereview.chromium.org/193067 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25888 0039d316-1c4b-4281-b951-d872f2087c98
90b15301 · agl@chromium.org · 6b60f1d1 · 90b15301 · 90b15301 · 90b15301
Commit 90b15301 authored Sep 10, 2009 by agl@chromium.org
Showing with 1 addition and 24 deletions

base/base_switches.cc base/base_switches.cc +0 -10

base/base_switches.h base/base_switches.h +0 -1

net/url_request/url_request_http_job.cc net/url_request/url_request_http_job.cc +1 -13

No files found.
--- a/base/base_switches.cc
+++ b/base/base_switches.cc
@@ -34,14 +34,4 @@ const wchar_t kEnableDCHECK[]                  = L"enable-dcheck";
 // scripts that do not have a user interface.
 const wchar_t kNoMessageBox[]                  = L"no-message-box";
-// Refuse to make HTTP connections and refuse to accept certificate errors.
-// For more information about the design of this feature, please see
-//
-//   ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
-//   Collin Jackson and Adam Barth
-//   In Proc. of the 17th International World Wide Web Conference (WWW 2008)
-//
-// Available at http://www.adambarth.com/papers/2008/jackson-barth.pdf
-const wchar_t kForceHTTPS[]                    = L"force-https";
 }  // namespace switches
--- a/base/base_switches.h
+++ b/base/base_switches.h
@@ -17,7 +17,6 @@ extern const wchar_t kNoErrorDialogs[];
 extern const wchar_t kProcessType[];
 extern const wchar_t kEnableDCHECK[];
 extern const wchar_t kNoMessageBox[];
-extern const wchar_t kForceHTTPS[];
 }  // namespace switches

--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -46,11 +46,7 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
    return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT);
  }
-  // We cache the value of the switch because this code path is hit on every
+  if (scheme == "http" &&
-  // network request.
-  static const bool kForceHTTPS =
-      CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS);
-  if (kForceHTTPS && scheme == "http" &&
      request->context()->strict_transport_security_state() &&
      request->context()->strict_transport_security_state()->IsEnabledForHost(
          request->url().host())) {
@@ -486,10 +482,6 @@ bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) {
  if (!net::IsCertificateError(result))
    return false;
-  // Hide the fancy processing behind a command line switch.
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
-    return true;
  // Check whether our context is using Strict-Transport-Security.
  if (!context_->strict_transport_security_state())
    return true;
@@ -698,10 +690,6 @@ void URLRequestHttpJob::FetchResponseCookies() {
 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
  DCHECK(response_info_);
-  // Hide processing behind a command line flag.
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
-    return;
  // Only process Strict-Transport-Security from HTTPS responses.
  if (request_info_.url.scheme() != "https")
    return;