| commit | 0be77e826a4b83c35ec8aec887be5090de7ea8bb | |
| author | estark <estark@chromium.org> | |
| Mon, 4 May 2015 23:29:02 +0000 (4 16:29 -0700) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Mon, 4 May 2015 23:29:39 +0000 (4 23:29 +0000) | ||
| tree | 6dcad4754cd75a480b1ab06fbe6777e32d358bb8 | treesnapshot (tar.gz zip) |
| parent | 91e5652fb022a8cc6d2982defeaa912c4d2ef9d2 | commitdiff |
Omit cookies when uploading certificate reports over HTTP
Invalid certificate reports go to Safe Browsing servers, so they should
contain cookies when possible: that is, we want to send them when
uploading the report over HTTPS, but we don't want to send the cookies
in the clear when uploading over HTTP.
Note: once BoringSSL is supported on all platforms, we will start
sending encrypted reports over HTTP always, and so the cookie-preference
code will be able to go away.
BUG=482724
Review URL: https://codereview.chromium.org/1126653002
Cr-Commit-Position: refs/heads/master@{#328216}
Invalid certificate reports go to Safe Browsing servers, so they should
contain cookies when possible: that is, we want to send them when
uploading the report over HTTPS, but we don't want to send the cookies
in the clear when uploading over HTTP.
Note: once BoringSSL is supported on all platforms, we will start
sending encrypted reports over HTTP always, and so the cookie-preference
code will be able to go away.
BUG=482724
Review URL: https://codereview.chromium.org/1126653002
Cr-Commit-Position: refs/heads/master@{#328216}
| chrome/browser/safe_browsing/ping_manager.cc | diffblobblamehistory |