Google Git
Sign in
chromium / chromium / src.git / 9f9f86ce20db46dfed79eff111eed7a2f3bff48d^! / . / net / http / http_network_transaction.cc
commit9f9f86ce20db46dfed79eff111eed7a2f3bff48d[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Thu Mar 12 22:32:42 2009
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Thu Mar 12 22:32:42 2009
tree536f442ef16f88638f8cb114ea7afde6a443536c
parente352f3558792e1dc0e3910b87ba7ad4ed68ce37d [diff] [blame]
Clean up our fix for bug 7338 and bug 8473, which went
through several iterations.

R=abarth
BUG=7338,8473
Review URL: http://codereview.chromium.org/42148

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11589 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 95c0aef5..bcd5205 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc

@@ -215,6 +215,8 @@
     // network attacker can already control HTTP sessions.
     // We reach this case when the user cancels a 407 proxy auth prompt.
     // See http://crbug.com/8473
+    DCHECK(response_.headers->response_code() == 407);
+    LogBlockedTunnelResponse(*response_.headers);
     return ERR_TUNNEL_CONNECTION_FAILED;
   }
 
@@ -953,6 +955,14 @@
       static_cast<int> (response_body_read_ / duration.InMilliseconds()));
 }
 
+void HttpNetworkTransaction::LogBlockedTunnelResponse(
+    const HttpResponseHeaders& headers) const {
+  LOG(WARNING) << "Blocked proxy response with status "
+               << headers.response_code() << " to CONNECT request for "
+               << request_->url.host() << ":"
+               << request_->url.EffectiveIntPort() << ".";
+}
+
 int HttpNetworkTransaction::DidReadResponseHeaders() {
   scoped_refptr<HttpResponseHeaders> headers;
   if (has_found_status_line_start()) {
@@ -1011,11 +1021,7 @@
         // 501 response bodies that contain a useful error message.  For
         // example, Squid uses a 404 response to report the DNS error: "The
         // domain name does not exist."
-        LOG(WARNING) <<
-            "Blocked proxy response to CONNECT request with status " <<
-            headers->response_code() << " for " <<
-            request_->url.host() << ":" <<
-            request_->url.EffectiveIntPort() << ".";
+        LogBlockedTunnelResponse(*headers);
         return ERR_TUNNEL_CONNECTION_FAILED;
     }
   }
@@ -1425,6 +1431,7 @@
       // We are establishing a tunnel, we can't show the error page because an
       // active network attacker could control its contents.  Instead, we just
       // fail to establish the tunnel.
+      DCHECK(target == HttpAuth::AUTH_PROXY);
       return ERR_PROXY_AUTH_REQUESTED;
     }
     // We found no supported challenge -- let the transaction continue