OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
92 | 92 |
93 measureStricterVersionOfIsMixedContent(frame, url); | 93 measureStricterVersionOfIsMixedContent(frame, url); |
94 if (isMixedContent(frame->document()->securityOrigin(), url)) | 94 if (isMixedContent(frame->document()->securityOrigin(), url)) |
95 return frame; | 95 return frame; |
96 | 96 |
97 // No mixed content, no problem. | 97 // No mixed content, no problem. |
98 return nullptr; | 98 return nullptr; |
99 } | 99 } |
100 | 100 |
101 // static | 101 // static |
102 MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(Web
URLRequest::RequestContext context) | 102 MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(Web
URLRequest::RequestContext context, LocalFrame* frame) |
103 { | 103 { |
104 switch (context) { | 104 switch (context) { |
105 // "Optionally-blockable" mixed content | 105 // "Optionally-blockable" mixed content |
106 case WebURLRequest::RequestContextAudio: | 106 case WebURLRequest::RequestContextAudio: |
107 case WebURLRequest::RequestContextFavicon: | 107 case WebURLRequest::RequestContextFavicon: |
108 case WebURLRequest::RequestContextImage: | 108 case WebURLRequest::RequestContextImage: |
109 case WebURLRequest::RequestContextPlugin: | |
110 case WebURLRequest::RequestContextVideo: | 109 case WebURLRequest::RequestContextVideo: |
111 return ContextTypeOptionallyBlockable; | 110 return ContextTypeOptionallyBlockable; |
112 | 111 |
| 112 // Plugins! Oh how dearly we love plugin-loaded content! |
| 113 case WebURLRequest::RequestContextPlugin: { |
| 114 Settings* settings = frame->settings(); |
| 115 return settings || settings->strictMixedContentCheckingForPlugin() ? Con
textTypeBlockable : ContextTypeOptionallyBlockable; |
| 116 } |
| 117 |
113 // "Blockable" mixed content | 118 // "Blockable" mixed content |
114 case WebURLRequest::RequestContextBeacon: | 119 case WebURLRequest::RequestContextBeacon: |
115 case WebURLRequest::RequestContextCSPReport: | 120 case WebURLRequest::RequestContextCSPReport: |
116 case WebURLRequest::RequestContextEmbed: | 121 case WebURLRequest::RequestContextEmbed: |
117 case WebURLRequest::RequestContextEventSource: | 122 case WebURLRequest::RequestContextEventSource: |
118 case WebURLRequest::RequestContextFetch: | 123 case WebURLRequest::RequestContextFetch: |
119 case WebURLRequest::RequestContextFont: | 124 case WebURLRequest::RequestContextFont: |
120 case WebURLRequest::RequestContextForm: | 125 case WebURLRequest::RequestContextForm: |
121 case WebURLRequest::RequestContextFrame: | 126 case WebURLRequest::RequestContextFrame: |
122 case WebURLRequest::RequestContextHyperlink: | 127 case WebURLRequest::RequestContextHyperlink: |
239 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS
ource, messageLevel, message)); | 244 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS
ource, messageLevel, message)); |
240 } | 245 } |
241 | 246 |
242 // static | 247 // static |
243 void MixedContentChecker::count(LocalFrame* frame, WebURLRequest::RequestContext
requestContext) | 248 void MixedContentChecker::count(LocalFrame* frame, WebURLRequest::RequestContext
requestContext) |
244 { | 249 { |
245 UseCounter::count(frame, UseCounter::MixedContentPresent); | 250 UseCounter::count(frame, UseCounter::MixedContentPresent); |
246 | 251 |
247 // Roll blockable content up into a single counter, count unblocked types in
dividually so we | 252 // Roll blockable content up into a single counter, count unblocked types in
dividually so we |
248 // can determine when they can be safely moved to the blockable category: | 253 // can determine when they can be safely moved to the blockable category: |
249 ContextType contextType = contextTypeFromContext(requestContext); | 254 ContextType contextType = contextTypeFromContext(requestContext, frame); |
250 if (contextType == ContextTypeBlockable) { | 255 if (contextType == ContextTypeBlockable) { |
251 UseCounter::count(frame, UseCounter::MixedContentBlockable); | 256 UseCounter::count(frame, UseCounter::MixedContentBlockable); |
252 return; | 257 return; |
253 } | 258 } |
254 | 259 |
255 UseCounter::Feature feature; | 260 UseCounter::Feature feature; |
256 switch (requestContext) { | 261 switch (requestContext) { |
257 case WebURLRequest::RequestContextAudio: | 262 case WebURLRequest::RequestContextAudio: |
258 feature = UseCounter::MixedContentAudio; | 263 feature = UseCounter::MixedContentAudio; |
259 break; | 264 break; |
297 | 302 |
298 Settings* settings = mixedFrame->settings(); | 303 Settings* settings = mixedFrame->settings(); |
299 FrameLoaderClient* client = mixedFrame->loader().client(); | 304 FrameLoaderClient* client = mixedFrame->loader().client(); |
300 SecurityOrigin* securityOrigin = mixedFrame->document()->securityOrigin(); | 305 SecurityOrigin* securityOrigin = mixedFrame->document()->securityOrigin(); |
301 bool allowed = false; | 306 bool allowed = false; |
302 | 307 |
303 // If we're in strict mode, we'll automagically fail everything, and intenti
onally skip | 308 // If we're in strict mode, we'll automagically fail everything, and intenti
onally skip |
304 // the client checks in order to prevent degrading the site's security UI. | 309 // the client checks in order to prevent degrading the site's security UI. |
305 bool strictMode = mixedFrame->document()->shouldEnforceStrictMixedContentChe
cking() || settings->strictMixedContentChecking(); | 310 bool strictMode = mixedFrame->document()->shouldEnforceStrictMixedContentChe
cking() || settings->strictMixedContentChecking(); |
306 | 311 |
307 ContextType contextType = contextTypeFromContext(requestContext); | 312 ContextType contextType = contextTypeFromContext(requestContext, mixedFrame)
; |
308 | 313 |
309 // If we're loading the main resource of a subframe, we need to take a close
look at the loaded URL. | 314 // If we're loading the main resource of a subframe, we need to take a close
look at the loaded URL. |
310 // If we're dealing with a CORS-enabled scheme, then block mixed frames as a
ctive content. Otherwise, | 315 // If we're dealing with a CORS-enabled scheme, then block mixed frames as a
ctive content. Otherwise, |
311 // treat frames as passive content. | 316 // treat frames as passive content. |
312 // | 317 // |
313 // FIXME: Remove this temporary hack once we have a reasonable API for launc
hing external applications | 318 // FIXME: Remove this temporary hack once we have a reasonable API for launc
hing external applications |
314 // via URLs. http://crbug.com/318788 and https://crbug.com/393481 | 319 // via URLs. http://crbug.com/318788 and https://crbug.com/393481 |
315 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTr
eatURLSchemeAsCORSEnabled(url.protocol())) | 320 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTr
eatURLSchemeAsCORSEnabled(url.protocol())) |
316 contextType = ContextTypeOptionallyBlockable; | 321 contextType = ContextTypeOptionallyBlockable; |
317 | 322 |
416 { | 421 { |
417 if (!frame || !frame->document() || !frame->document()->loader()) | 422 if (!frame || !frame->document() || !frame->document()->loader()) |
418 return; | 423 return; |
419 | 424 |
420 // Just count these for the moment, don't block them. | 425 // Just count these for the moment, don't block them. |
421 if (Platform::current()->isReservedIPAddress(resourceIPAddress) && !frame->d
ocument()->isHostedInReservedIPRange()) | 426 if (Platform::current()->isReservedIPAddress(resourceIPAddress) && !frame->d
ocument()->isHostedInReservedIPRange()) |
422 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost
nameInPublicHostname); | 427 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost
nameInPublicHostname); |
423 } | 428 } |
424 | 429 |
425 } // namespace blink | 430 } // namespace blink |
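Review bot: The new plugin case in contextTypeFromContext tests `settings || settings->strictMixedContentCheckingForPlugin()`, which is wrong for both values of `settings`. A non-null `settings` short-circuits to true, so plugin loads are always classified ContextTypeBlockable whatever the setting says, and a null `settings` is dereferenced. The condition should read `return settings && settings->strictMixedContentCheckingForPlugin() ? ContextTypeBlockable : ContextTypeOptionallyBlockable;`. The added `frame` parameter is also dereferenced without a check (`frame->settings()`); count() forwards its `frame` directly, and the lines that would show whether it can be null there are skipped on this page, so a null guard or an assertion at the top of the case would be worth adding.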