Strict transport security: come out from behind the flag.

With this change, Strict Transport Security is active by default and doesn't need the --force-https flag any more. http://codereview.chromium.org/193067 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25888 0039d316-1c4b-4281-b951-d872f2087c98
Denger-Network · Sep 10, 2009 · 90b1530 · 90b1530
1 parent 6b60f1d
commit 90b1530
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 24 deletions.
diff --git a/base/base_switches.cc b/base/base_switches.cc
@@ -34,14 +34,4 @@ const wchar_t kEnableDCHECK[]                  = L"enable-dcheck";
 // scripts that do not have a user interface.
 const wchar_t kNoMessageBox[]                  = L"no-message-box";
 
-// Refuse to make HTTP connections and refuse to accept certificate errors.
-// For more information about the design of this feature, please see
-//
-//   ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
-//   Collin Jackson and Adam Barth
-//   In Proc. of the 17th International World Wide Web Conference (WWW 2008)
-//
-// Available at http://www.adambarth.com/papers/2008/jackson-barth.pdf
-const wchar_t kForceHTTPS[]                    = L"force-https";
-
 }  // namespace switches
diff --git a/base/base_switches.h b/base/base_switches.h
@@ -17,7 +17,6 @@ extern const wchar_t kNoErrorDialogs[];
 extern const wchar_t kProcessType[];
 extern const wchar_t kEnableDCHECK[];
 extern const wchar_t kNoMessageBox[];
-extern const wchar_t kForceHTTPS[];
 
 }  // namespace switches
 

diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
@@ -46,11 +46,7 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
     return new URLRequestErrorJob(request, net::ERR_INVALID_ARGUMENT);
   }
 
-  // We cache the value of the switch because this code path is hit on every
-  // network request.
-  static const bool kForceHTTPS =
-      CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS);
-  if (kForceHTTPS && scheme == "http" &&
+  if (scheme == "http" &&
       request->context()->strict_transport_security_state() &&
       request->context()->strict_transport_security_state()->IsEnabledForHost(
           request->url().host())) {
@@ -486,10 +482,6 @@ bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) {
   if (!net::IsCertificateError(result))
     return false;
 
-  // Hide the fancy processing behind a command line switch.
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
-    return true;
-
   // Check whether our context is using Strict-Transport-Security.
   if (!context_->strict_transport_security_state())
     return true;
@@ -698,10 +690,6 @@ void URLRequestHttpJob::FetchResponseCookies() {
 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
   DCHECK(response_info_);
 
-  // Hide processing behind a command line flag.
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS))
-    return;
-
   // Only process Strict-Transport-Security from HTTPS responses.
   if (request_info_.url.scheme() != "https")
     return;