diff --git a/components/certificate_transparency/chrome_require_ct_delegate.cc b/components/certificate_transparency/chrome_require_ct_delegate.cc
index 37a0d23e8a631..9e8990a6d90f1 100644
--- a/components/certificate_transparency/chrome_require_ct_delegate.cc
+++ b/components/certificate_transparency/chrome_require_ct_delegate.cc
@@ -176,7 +176,7 @@ ChromeRequireCTDelegate::~ChromeRequireCTDelegate() {}
 
 net::TransportSecurityState::RequireCTDelegate::CTRequirementLevel
 ChromeRequireCTDelegate::IsCTRequiredForHost(
-    const std::string& hostname,
+    std::string_view hostname,
     const net::X509Certificate* chain,
     const net::HashValueVector& spki_hashes) {
   if (MatchHostname(hostname) || MatchSPKI(chain, spki_hashes)) {
@@ -203,7 +203,7 @@ void ChromeRequireCTDelegate::UpdateCTPolicies(
   ParseSpkiHashes(excluded_spkis, &spkis_);
 }
 
-bool ChromeRequireCTDelegate::MatchHostname(const std::string& hostname) const {
+bool ChromeRequireCTDelegate::MatchHostname(std::string_view hostname) const {
   if (url_matcher_->IsEmpty())
     return false;
 
diff --git a/components/certificate_transparency/chrome_require_ct_delegate.h b/components/certificate_transparency/chrome_require_ct_delegate.h
index b8ec70abd86b7..8cfd51f8a919b 100644
--- a/components/certificate_transparency/chrome_require_ct_delegate.h
+++ b/components/certificate_transparency/chrome_require_ct_delegate.h
@@ -7,6 +7,7 @@
 
 #include <memory>
 #include <string>
+#include <string_view>
 #include <vector>
 
 #include "base/component_export.h"
@@ -44,7 +45,7 @@ class COMPONENT_EXPORT(CERTIFICATE_TRANSPARENCY) ChromeRequireCTDelegate
 
   // RequireCTDelegate implementation
   CTRequirementLevel IsCTRequiredForHost(
-      const std::string& hostname,
+      std::string_view hostname,
       const net::X509Certificate* chain,
       const net::HashValueVector& spki_hashes) override;
 
@@ -62,7 +63,7 @@ class COMPONENT_EXPORT(CERTIFICATE_TRANSPARENCY) ChromeRequireCTDelegate
 
   // Returns true if a policy to disable Certificate Transparency for |hostname|
   // is found.
-  bool MatchHostname(const std::string& hostname) const;
+  bool MatchHostname(std::string_view hostname) const;
 
   // Returns true if a policy to disable Certificate Transparency for |chain|,
   // which contains the SPKI hashes |hashes|, is found.
diff --git a/net/http/http_security_headers.cc b/net/http/http_security_headers.cc
index ba7b235ecf1a3..84942ef527de0 100644
--- a/net/http/http_security_headers.cc
+++ b/net/http/http_security_headers.cc
@@ -69,7 +69,7 @@ bool MaxAgeToLimitedInt(std::string_view s, uint32_t limit, uint32_t* result) {
 //     the UA, the UA MUST ignore the unrecognized directives and if the
 //     STS header field otherwise satisfies the above requirements (1
 //     through 4), the UA MUST process the recognized directives.
-bool ParseHSTSHeader(const std::string& value,
+bool ParseHSTSHeader(std::string_view value,
                      base::TimeDelta* max_age,
                      bool* include_subdomains) {
   uint32_t max_age_value = 0;
diff --git a/net/http/http_security_headers.h b/net/http/http_security_headers.h
index 2ada38bae7998..897d1d2559fb5 100644
--- a/net/http/http_security_headers.h
+++ b/net/http/http_security_headers.h
@@ -7,7 +7,7 @@
 
 #include <stdint.h>
 
-#include <string>
+#include <string_view>
 
 #include "base/time/time.h"
 #include "net/base/hash_value.h"
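Review bot: Replacing `#include <string>` with `#include <string_view>` is only correct if nothing left in this header names `std::string`. The rest of the header is outside the hunk, so that is worth confirming rather than relying on a transitive include. The same applies to http_security_headers.cc if it previously got `<string>` through this header. If either file still uses `std::string`, keep both lines: `#include <string>` followed by `#include <string_view>`.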
@@ -29,7 +29,7 @@ const uint32_t kMaxHPKPAgeSecs = 86400 * 60;  // 60 days
 //
 // "Strict-Transport-Security" ":"
 //     [ directive ]  *( ";" [ directive ] )
-bool NET_EXPORT_PRIVATE ParseHSTSHeader(const std::string& value,
+bool NET_EXPORT_PRIVATE ParseHSTSHeader(std::string_view value,
                                         base::TimeDelta* max_age,
                                         bool* include_subdomains);
 
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index 141635e65b1c4..076af582136a0 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -87,7 +87,7 @@ bool AddHash(const char* sha256_hash, HashValueVector* out) {
 // Converts |hostname| from dotted form ("www.google.com") to the form
 // used in DNS: "\x03www\x06google\x03com", lowercases that, and returns
 // the result.
-std::vector<uint8_t> CanonicalizeHost(const std::string& host) {
+std::vector<uint8_t> CanonicalizeHost(std::string_view host) {
   // We cannot perform the operations as detailed in the spec here as `host`
   // has already undergone IDN processing before it reached us. Thus, we
   // lowercase the input (probably redudnant since most input here has been
@@ -335,7 +335,6 @@ TransportSecurityState::CheckCTRequirements(
     const X509Certificate* validated_certificate_chain,
     ct::CTPolicyCompliance policy_compliance) {
   using CTRequirementLevel = RequireCTDelegate::CTRequirementLevel;
-  std::string hostname = host_port_pair.host();
 
   // If CT is emergency disabled, we don't require CT for any host.
   if (ct_emergency_disable_) {
@@ -361,7 +360,7 @@ TransportSecurityState::CheckCTRequirements(
   if (require_ct_delegate_) {
     // Allow the delegate to override the CT requirement state.
     ct_required = require_ct_delegate_->IsCTRequiredForHost(
-        hostname, validated_certificate_chain, public_key_hashes);
+        host_port_pair.host(), validated_certificate_chain, public_key_hashes);
   }
   switch (ct_required) {
     case CTRequirementLevel::REQUIRED:
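Review bot: The delegate call in this hunk now hands `IsCTRequiredForHost` a view of `host_port_pair.host()` instead of the local `std::string` copy removed in the previous hunk, so the argument's lifetime is tied to `host_port_pair`. That is fine for a synchronous call, but the visible part of the `RequireCTDelegate` interface comment in transport_security_state.h does not state it. An implementation that stores the view or hands it to deferred work would end up reading freed memory. I would add to that interface comment something like `// |hostname| is only valid for the duration of the call; copy it if it must outlive the call.` CheckCTRequirements starts and ends outside the hunk.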
@@ -405,7 +404,7 @@ void TransportSecurityState::UpdatePinList(
 }
 
 void TransportSecurityState::AddHSTSInternal(
-    const std::string& host,
+    std::string_view host,
     TransportSecurityState::STSState::UpgradeMode upgrade_mode,
     const base::Time& expiry,
     bool include_subdomains) {
@@ -434,7 +433,7 @@ void TransportSecurityState::AddHSTSInternal(
   DirtyNotify();
 }
 
-void TransportSecurityState::AddHPKPInternal(const std::string& host,
+void TransportSecurityState::AddHPKPInternal(std::string_view host,
                                              const base::Time& last_observed,
                                              const base::Time& expiry,
                                              bool include_subdomains,
@@ -565,8 +564,8 @@ void TransportSecurityState::DirtyNotify() {
     delegate_->StateIsDirty(this);
 }
 
-bool TransportSecurityState::AddHSTSHeader(const std::string& host,
-                                           const std::string& value) {
+bool TransportSecurityState::AddHSTSHeader(std::string_view host,
+                                           std::string_view value) {
   DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
 
   base::Time now = base::Time::Now();
@@ -588,14 +587,14 @@ bool TransportSecurityState::AddHSTSHeader(const std::string& host,
   return true;
 }
 
-void TransportSecurityState::AddHSTS(const std::string& host,
+void TransportSecurityState::AddHSTS(std::string_view host,
                                      const base::Time& expiry,
                                      bool include_subdomains) {
   DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
   AddHSTSInternal(host, STSState::MODE_FORCE_HTTPS, expiry, include_subdomains);
 }
 
-void TransportSecurityState::AddHPKP(const std::string& host,
+void TransportSecurityState::AddHPKP(std::string_view host,
                                      const base::Time& expiry,
                                      bool include_subdomains,
                                      const HashValueVector& hashes) {
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index ecb2cb8eaa0b2..fa6c2f003f3ae 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -12,6 +12,7 @@
 #include <optional>
 #include <set>
 #include <string>
+#include <string_view>
 
 #include "base/feature_list.h"
 #include "base/functional/callback.h"
@@ -105,7 +106,7 @@ class NET_EXPORT TransportSecurityState {
     // |chain| are not guaranteed to be in the same order - that is, the first
     // hash in |hashes| is NOT guaranteed to be for the leaf cert in |chain|.
     virtual CTRequirementLevel IsCTRequiredForHost(
-        const std::string& hostname,
+        std::string_view hostname,
         const X509Certificate* chain,
         const HashValueVector& hashes) = 0;
 
@@ -417,17 +418,17 @@ class NET_EXPORT TransportSecurityState {
 
   // Processes an HSTS header value from the host, adding entries to
   // dynamic state if necessary.
-  bool AddHSTSHeader(const std::string& host, const std::string& value);
+  bool AddHSTSHeader(std::string_view host, std::string_view value);
 
   // Adds explicitly-specified data as if it was processed from an
   // HSTS header (used for net-internals and unit tests).
-  void AddHSTS(const std::string& host,
+  void AddHSTS(std::string_view host,
                const base::Time& expiry,
                bool include_subdomains);
 
   // Adds explicitly-specified data as if it was processed from an HPKP header.
   // Note: dynamic PKP data is not persisted.
-  void AddHPKP(const std::string& host,
+  void AddHPKP(std::string_view host,
                const base::Time& expiry,
                bool include_subdomains,
                const HashValueVector& hashes);
@@ -485,11 +486,11 @@ class NET_EXPORT TransportSecurityState {
   // any previous state for the |host|, including static entries.
   //
   // The new state for |host| is persisted using the Delegate (if any).
-  void AddHSTSInternal(const std::string& host,
+  void AddHSTSInternal(std::string_view host,
                        STSState::UpgradeMode upgrade_mode,
                        const base::Time& expiry,
                        bool include_subdomains);
-  void AddHPKPInternal(const std::string& host,
+  void AddHPKPInternal(std::string_view host,
                        const base::Time& last_observed,
                        const base::Time& expiry,
                        bool include_subdomains,
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc
index 7ebc64dc49cd6..92ea84f0ba06b 100644
--- a/net/http/transport_security_state_unittest.cc
+++ b/net/http/transport_security_state_unittest.cc
@@ -99,7 +99,7 @@ const char* const kBadPath[] = {
 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate {
  public:
   MOCK_METHOD3(IsCTRequiredForHost,
-               CTRequirementLevel(const std::string& hostname,
+               CTRequirementLevel(std::string_view hostname,
                                   const X509Certificate* chain,
                                   const HashValueVector& hashes));
 };
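Review bot: `MockRequireCTDelegate` is declared here with the legacy `MOCK_METHOD3` macro, and the same mock (differing only in the parameter name) is repeated in proof_verifier_chromium_test.cc, ssl_client_socket_unittest.cc and spdy_session_unittest.cc, so every signature change to `IsCTRequiredForHost` has to be made four times. The newer form `MOCK_METHOD(CTRequirementLevel, IsCTRequiredForHost, (std::string_view hostname, const X509Certificate* chain, const HashValueVector& hashes), (override));` lets the compiler check each mock against the interface. A single shared test mock would remove the duplication altogether.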
diff --git a/net/quic/crypto/proof_verifier_chromium_test.cc b/net/quic/crypto/proof_verifier_chromium_test.cc
index 5d49d33382823..7e145449327ab 100644
--- a/net/quic/crypto/proof_verifier_chromium_test.cc
+++ b/net/quic/crypto/proof_verifier_chromium_test.cc
@@ -71,7 +71,7 @@ class FailsTestCertVerifier : public CertVerifier {
 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate {
  public:
   MOCK_METHOD3(IsCTRequiredForHost,
-               CTRequirementLevel(const std::string& host,
+               CTRequirementLevel(std::string_view host,
                                   const X509Certificate* chain,
                                   const HashValueVector& hashes));
 };
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 3750f821ca856..ba9b7868976ae 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -589,7 +589,7 @@ class DeleteSocketCallback : public TestCompletionCallbackBase {
 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate {
  public:
   MOCK_METHOD3(IsCTRequiredForHost,
-               CTRequirementLevel(const std::string& host,
+               CTRequirementLevel(std::string_view host,
                                   const X509Certificate* chain,
                                   const HashValueVector& hashes));
 };
diff --git a/net/spdy/spdy_session_unittest.cc b/net/spdy/spdy_session_unittest.cc
index 21820ff8fb894..fde686e0d62d6 100644
--- a/net/spdy/spdy_session_unittest.cc
+++ b/net/spdy/spdy_session_unittest.cc
@@ -111,7 +111,7 @@ base::TimeTicks InstantaneousReads() {
 class MockRequireCTDelegate : public TransportSecurityState::RequireCTDelegate {
  public:
   MOCK_METHOD3(IsCTRequiredForHost,
-               CTRequirementLevel(const std::string& host,
+               CTRequirementLevel(std::string_view host,
                                   const X509Certificate* chain,
                                   const HashValueVector& hashes));
 };
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 60a3db0490f57..64154f3078000 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -1213,9 +1213,11 @@ void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() {
   //   message over secure transport, then the UA MUST process only the
   //   first such header field.
   HttpResponseHeaders* headers = GetResponseHeaders();
-  std::string value;
-  if (headers->EnumerateHeader(nullptr, "Strict-Transport-Security", &value))
-    security_state->AddHSTSHeader(request_info_.url.host(), value);
+  std::optional<std::string_view> value;
+  if ((value =
+           headers->EnumerateHeader(nullptr, "Strict-Transport-Security"))) {
+    security_state->AddHSTSHeader(request_info_.url.host(), *value);
+  }
 }
 
 void URLRequestHttpJob::OnStartCompleted(int result) {
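Review bot: The assignment inside the condition (`if ((value = headers->EnumerateHeader(...)))`) leaves `value` declared outside the only block that uses it and relies on the doubled parentheses to mark the assignment as intentional. Declaring it in the condition reads more directly: `if (std::optional<std::string_view> value = headers->EnumerateHeader(nullptr, "Strict-Transport-Security")) {`. Separately, `*value` is now presumably a view into storage owned by `headers`, and `request_info_.url.host()` may be a temporary bound to the `std::string_view host` parameter, so both are only valid while `AddHSTSHeader` runs. A short comment such as `// |*value| points into |headers|; AddHSTSHeader must not retain it.` would record that. The function starts outside the hunk.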