Log a deprecation warning for HTTP-Based Public Key Pinning.

When we see the header, print a warning to the console. Adapted from a suggestion from elawrence@. Bug: 779166 Change-Id: Id68495a37f43436cd51833391dbf140d5eb9aef3 Reviewed-on: https://chromium-review.googlesource.com/1006194Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Eric Lawrence <elawrence@chromium.org> Cr-Commit-Position: refs/heads/master@{#550417}

Log a deprecation warning for HTTP-Based Public Key Pinning.
When we see the header, print a warning to the console. Adapted from a suggestion from elawrence@. Bug: 779166 Change-Id: Id68495a37f43436cd51833391dbf140d5eb9aef3 Reviewed-on: https://chromium-review.googlesource.com/1006194Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Eric Lawrence <elawrence@chromium.org> Cr-Commit-Position: refs/heads/master@{#550417}
a136eabd · Chris Palmer · da1adc70 · a136eabd
Commit a136eabd authored Apr 12, 2018 by Chris Palmer
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 2 deletions

third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js ...y/blink/renderer/devtools/front_end/sdk/NetworkManager.js +17 -2

No files found.
--- a/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js
+++ b/third_party/blink/renderer/devtools/front_end/sdk/NetworkManager.js
@@ -113,7 +113,6 @@ SDK.NetworkManager = class extends SDK.SDKModel {
    return {error: error, content: error ? null : response.body, encoded: response.base64Encoded};
  }
  /**
   * @param {!SDK.NetworkRequest} request
   * @return {!Promise<?string>}
@@ -486,6 +485,20 @@ SDK.NetworkDispatcher = class {
          SDK.NetworkManager.Events.MessageGenerated, {message: message, requestId: requestId, warning: true});
    }
+    if ('public-key-pins' in lowercaseHeaders || 'public-key-pins-report-only' in lowercaseHeaders) {
+      if (!this._hpkpDomains)
+        this._hpkpDomains = new Set();
+      const parsed = new Common.ParsedURL(response.url);
+      if (parsed.isValid && !this._hpkpDomains.has(parsed.host)) {
+        this._hpkpDomains.add(parsed.host);
+        const message = Common.UIString(
+            'HTTP-Based Public Key Pinning is deprecated. Chrome 69 and later will ignore HPKP response headers. (Host: %s)',
+            parsed.host);
+        this._manager.dispatchEventToListeners(
+            SDK.NetworkManager.Events.MessageGenerated, {message: message, requestId: requestId, warning: true});
+      }
+    }
    this._updateNetworkRequestWithResponse(networkRequest, response);
    this._updateNetworkRequest(networkRequest);
@@ -761,8 +774,10 @@ SDK.NetworkDispatcher = class {
    this._inflightRequestsByURL[networkRequest.url()] = networkRequest;
    // The following relies on the fact that loaderIds and requestIds are
    // globally unique and that the main request has them equal.
-    if (networkRequest.loaderId === networkRequest.requestId())
+    if (networkRequest.loaderId === networkRequest.requestId()) {
      SDK.multitargetNetworkManager._inflightMainResourceRequests.set(networkRequest.requestId(), networkRequest);
+      delete this._hpkpDomains;
+    }
    this._manager.dispatchEventToListeners(SDK.NetworkManager.Events.RequestStarted, networkRequest);
  }