Command line switch for the ultra security concious: --force-https!

If you set this switch, the browser refuses to talk HTTP and refuses to permit certificate errors. For best results, use with a dedicated profile. R=jar Review URL: http://codereview.chromium.org/14421 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6979 0039d316-1c4b-4281-b951-d872f2087c98
Denger-Network · Dec 15, 2008 · 4ed2755 · 4ed2755
1 parent 554c6ef
commit 4ed2755
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/base/base_switches.cc b/base/base_switches.cc
@@ -30,5 +30,8 @@ const wchar_t kProcessType[]                   = L"type";
 // Enable DCHECKs in release mode.
 const wchar_t kEnableDCHECK[]                  = L"enable-dcheck";
 
+// Refuse to make HTTP connections and refuse to accept certificate errors.
+const wchar_t kForceHTTPS[]                    = L"force-https";
+
 }  // namespace switches
 
diff --git a/base/base_switches.h b/base/base_switches.h
@@ -16,6 +16,7 @@ extern const wchar_t kFullMemoryCrashReport[];
 extern const wchar_t kNoErrorDialogs[];
 extern const wchar_t kProcessType[];
 extern const wchar_t kEnableDCHECK[];
+extern const wchar_t kForceHTTPS[];
 
 }  // namespace switches
 

diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
@@ -4,6 +4,8 @@
 
 #include "net/url_request/url_request_http_job.h"
 
+#include "base/base_switches.h"
+#include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
 #include "base/file_version_info.h"
@@ -37,6 +39,13 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
     return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT);
   }
 
+  // We cache the value of the switch because this code path is hit on every
+  // network request.
+  static const bool kForceHTTPS =
+        CommandLine().HasSwitch(switches::kForceHTTPS);
+  if (kForceHTTPS && scheme != "https")
+    return new URLRequestErrorJob(request, net::ERR_DISALLOWED_URL_SCHEME);
+
   return new URLRequestHttpJob(request);
 }
 
@@ -375,7 +384,8 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
 
   if (result == net::OK) {
     NotifyHeadersComplete();
-  } else if (net::IsCertificateError(result)) {
+  } else if (net::IsCertificateError(result) &&
+             !CommandLine().HasSwitch(switches::kForceHTTPS)) {
     // We encountered an SSL certificate error.  Ask our delegate to decide
     // what we should do.
     // TODO(wtc): also pass ssl_info.cert_status, or just pass the whole