Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(152)

Unified Diff: chrome/browser/ssl/ssl_manager.h

Issue 46094: Fix our handling of mixed SSL / non-SSL content.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 11 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/ssl/ssl_manager.h
===================================================================
--- chrome/browser/ssl/ssl_manager.h (revision 11701)
+++ chrome/browser/ssl/ssl_manager.h (working copy)
@@ -76,6 +76,15 @@
// Available on either thread.
const GURL& request_url() const { return request_url_; }
+ // Available on either thread.
+ ResourceType::Type resource_type() const { return resource_type_; }
+
+ // Available on either thread.
+ const std::string& frame_origin() const { return frame_origin_; }
+
+ // Available on either thread.
+ const std::string& main_frame_origin() const { return main_frame_origin_; }
+
// Call on the UI thread.
SSLManager* manager() const { return manager_; }
@@ -118,6 +127,9 @@
// Construct on the IO thread.
ErrorHandler(ResourceDispatcherHost* resource_dispatcher_host,
URLRequest* request,
+ ResourceType::Type resource_type,
+ const std::string& frame_origin,
+ const std::string& main_frame_origin,
MessageLoop* ui_loop);
// The following 2 methods are the methods subclasses should implement.
@@ -164,12 +176,26 @@
int render_process_host_id_;
int tab_contents_id_;
+ // The URL that we requested.
// This read-only member can be accessed on any thread.
- const GURL request_url_; // The URL that we requested.
+ const GURL request_url_;
+ // What kind of resource is associated with the requested that generated
+ // that error.
+ // This read-only member can be accessed on any thread.
+ const ResourceType::Type resource_type_;
+
+ // The origin of the frame associated with this request.
+ // This read-only member can be accessed on any thread.
+ const std::string frame_origin_;
+
+ // The origin of the main frame associated with this request.
+ // This read-only member can be accessed on any thread.
+ const std::string main_frame_origin_;
+
+ // A flag to make sure we notify the URLRequest exactly once.
// Should only be accessed on the IO thread
- bool request_has_been_notified_; // A flag to make sure we notify the
- // URLRequest exactly once.
+ bool request_has_been_notified_;
DISALLOW_COPY_AND_ASSIGN(ErrorHandler);
};
@@ -186,8 +212,7 @@
const net::SSLInfo& ssl_info() const { return ssl_info_; }
int cert_error() const { return cert_error_; }
- ResourceType::Type resource_type() const { return resource_type_; }
- private:
+ private:
// SSLManager is responsible for creating CertError objects.
friend class SSLManager;
@@ -197,6 +222,8 @@
CertError(ResourceDispatcherHost* resource_dispatcher_host,
URLRequest* request,
ResourceType::Type resource_type,
+ const std::string& frame_origin,
+ const std::string& main_frame_origin,
int cert_error,
net::X509Certificate* cert,
MessageLoop* ui_loop);
@@ -209,10 +236,6 @@
net::SSLInfo ssl_info_;
const int cert_error_; // The error we represent.
- // What kind of resource is associated with the requested that generated
- // that error.
- ResourceType::Type resource_type_;
-
DISALLOW_COPY_AND_ASSIGN(CertError);
};
@@ -223,9 +246,12 @@
// Created on the IO thread.
MixedContentHandler(ResourceDispatcherHost* rdh,
URLRequest* request,
+ ResourceType::Type resource_type,
+ const std::string& frame_origin,
+ const std::string& main_frame_origin,
MessageLoop* ui_loop)
- : ErrorHandler(rdh, request, ui_loop) { }
-
+ : ErrorHandler(rdh, request, resource_type, frame_origin,
+ main_frame_origin, ui_loop) { }
protected:
virtual void OnDispatchFailed() { TakeNoAction(); }
virtual void OnDispatched() { manager()->OnMixedContent(this); }
@@ -234,6 +260,44 @@
DISALLOW_COPY_AND_ASSIGN(MixedContentHandler);
};
+ class RequestInfo : public base::RefCounted<RequestInfo> {
+ public:
+ RequestInfo(SSLManager* manager,
+ const GURL& url,
+ ResourceType::Type resource_type,
+ const std::string& frame_origin,
+ const std::string& main_frame_origin,
+ int ssl_cert_id,
+ int ssl_cert_status)
+ : manager_(manager),
+ url_(url),
+ resource_type_(resource_type),
+ frame_origin_(frame_origin),
+ main_frame_origin_(main_frame_origin),
+ ssl_cert_id_(ssl_cert_id),
+ ssl_cert_status_(ssl_cert_status) {
+ }
+
+ SSLManager* manager() const { return manager_; }
+ const GURL& url() const { return url_; }
+ ResourceType::Type resource_type() const { return resource_type_; }
+ const std::string& frame_origin() const { return frame_origin_; }
+ const std::string& main_frame_origin() const { return main_frame_origin_; }
+ int ssl_cert_id() const { return ssl_cert_id_; }
+ int ssl_cert_status() const { return ssl_cert_status_; }
+
+ private:
+ SSLManager* manager_;
+ GURL url_;
+ ResourceType::Type resource_type_;
+ std::string frame_origin_;
+ std::string main_frame_origin_;
+ int ssl_cert_id_;
+ int ssl_cert_status_;
+
+ DISALLOW_COPY_AND_ASSIGN(RequestInfo);
+ };
+
// The SSLManager will ask its delegate to decide how to handle events
// relevant to SSL. Delegates are expected to be stateless and intended to be
// easily implementable.
@@ -246,25 +310,17 @@
class Delegate {
public:
// An error occurred with the certificate in an SSL connection.
- virtual void OnCertError(const GURL& main_frame_url, CertError* error) = 0;
+ virtual void OnCertError(CertError* error) = 0;
// A request for a mixed-content resource was made. Note that the resource
// request was not started yet and the delegate is responsible for starting
// it.
- virtual void OnMixedContent(
- NavigationController* navigation_controller,
- const GURL& main_frame_url,
- MixedContentHandler* mixed_content_handler) = 0;
+ virtual void OnMixedContent(MixedContentHandler* handler) = 0;
- // We have started a resource request for the given URL.
- virtual void OnRequestStarted(SSLManager* manager,
- const GURL& url,
- ResourceType::Type resource_type,
- int ssl_cert_id,
- int ssl_cert_status) = 0;
+ // We have started a resource request with the given info.
+ virtual void OnRequestStarted(RequestInfo* info) = 0;
- // Returns the default security style for a given URL.
- virtual SecurityStyle GetDefaultStyle(const GURL& url) = 0;
+ virtual void UpdateEntry(SSLManager* manager, NavigationEntry* entry) = 0;
};
static void RegisterUserPrefs(PrefService* prefs);
@@ -291,19 +347,12 @@
const std::wstring& link_text,
Task* task);
- // Sets the maximum security style for the page. If the current security
- // style is lower than |style|, this will not have an effect on the security
- // indicators.
- //
- // It will return true if the navigation entry was updated or false if
- // nothing changed. The caller is responsible for broadcasting
- // NOTIFY_SSY_STATE_CHANGED if it returns true.
- bool SetMaxSecurityStyle(SecurityStyle style);
-
// Logs a message to the console of the page.
- void AddMessageToConsole(const std::wstring& msg,
- ConsoleMessageLevel level);
+ void AddMessageToConsole(const std::wstring& msg, ConsoleMessageLevel level);
+ void MarkHostAsBroken(const std::string& host);
+ bool DidMarkHostAsBroken(const std::string& host) const;
+
// Records that |cert| is permitted to be used for |host| in the future.
void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
@@ -314,14 +363,11 @@
net::X509Certificate::Policy::Judgment QueryPolicy(
net::X509Certificate* cert, const std::string& host);
- // Allow mixed/unsafe content to be visible (non filtered) for the specified
- // URL.
- // Note that the current implementation allows on a host name basis.
- void AllowShowInsecureContentForURL(const GURL& url);
+ // Allow mixed content to be visible (non filtered).
+ void AllowMixedContentForHost(const std::string& host);
- // Returns whether the specified URL is allowed to show insecure (mixed or
- // unsafe) content.
- bool CanShowInsecureContent(const GURL& url);
+ // Returns whether the specified host is allowed to show mixed content.
+ bool DidAllowMixedContentForHost(const std::string& host) const;
//
//////////////////////////////////////////////////////////////////////////////
@@ -343,16 +389,17 @@
net::X509Certificate* cert,
MessageLoop* ui_loop);
- // Called when a mixed-content sub-resource request has been detected. The
- // request is not started yet. The SSLManager will make a decision on whether
- // to filter that request's content (with the filter_policy flag).
+ // Called before a URL request has been started. Returns whether the resource
+ // request should be delayed while we figure out what to do. We use this
+ // function as the entry point for our mixed content detection.
+ //
// TODO(jcampan): Implement a way to just cancel the request. This is not
// straight-forward as canceling a request that has not been started will
// not remove from the pending_requests_ of the ResourceDispatcherHost.
// Called on the IO thread.
- static void OnMixedContentRequest(ResourceDispatcherHost* resource_dispatcher,
- URLRequest* request,
- MessageLoop* ui_loop);
+ static bool ShouldDelayRequest(ResourceDispatcherHost* resource_dispatcher,
+ URLRequest* request,
+ MessageLoop* ui_loop);
// Called by CertError::Dispatch to kick off processing of the cert error by
// the SSL manager. The error originated from the ResourceDispatcherHost.
@@ -436,10 +483,17 @@
void DidFailProvisionalLoadWithError(ProvisionalLoadDetails* details);
void DidStartResourceResponse(ResourceRequestDetails* details);
void DidReceiveResourceRedirect(ResourceRedirectDetails* details);
+ void DidChangeSSLInternalState();
- // Convenience method for initializing navigation entries.
- void InitializeEntryIfNeeded(NavigationEntry* entry);
+ // Dispatch NotificationType::SSL_INTERNAL_STATE_CHANGED notification.
+ void DispatchSSLInternalStateChanged();
+ // Dispatch NotificationType::SSL_VISIBLE_STATE_CHANGED notification.
+ void DispatchSSLVisibleStateChanged();
+
+ // Update the NavigationEntry with our current state.
+ void UpdateEntry(NavigationEntry* entry);
+
// Shows the pending messages (in info-bars) if any.
void ShowPendingMessages();

Powered by Google App Engine
This is Rietveld 408576698