Index: Source/core/loader/MixedContentChecker.cpp |
diff --git a/Source/core/loader/MixedContentChecker.cpp b/Source/core/loader/MixedContentChecker.cpp |
index c130d131a6d0f55791e34edf1feee5309d827fa1..449058f80cec9b82bb8e0a250f6ee313b3b95c8c 100644 |
--- a/Source/core/loader/MixedContentChecker.cpp |
+++ b/Source/core/loader/MixedContentChecker.cpp |
@@ -99,17 +99,22 @@ LocalFrame* MixedContentChecker::inWhichFrameIsContentMixed(LocalFrame* frame, W |
} |
// static |
-MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(WebURLRequest::RequestContext context) |
+MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(WebURLRequest::RequestContext context, LocalFrame* frame) |
{ |
switch (context) { |
// "Optionally-blockable" mixed content |
case WebURLRequest::RequestContextAudio: |
case WebURLRequest::RequestContextFavicon: |
case WebURLRequest::RequestContextImage: |
- case WebURLRequest::RequestContextPlugin: |
case WebURLRequest::RequestContextVideo: |
return ContextTypeOptionallyBlockable; |
+ // Plugins! Oh how dearly we love plugin-loaded content! |
+ case WebURLRequest::RequestContextPlugin: { |
+ Settings* settings = frame->settings(); |
+ return settings || settings->strictMixedContentCheckingForPlugin() ? ContextTypeBlockable : ContextTypeOptionallyBlockable; |
+ } |
+ |
// "Blockable" mixed content |
case WebURLRequest::RequestContextBeacon: |
case WebURLRequest::RequestContextCSPReport: |
@@ -246,7 +251,7 @@ void MixedContentChecker::count(LocalFrame* frame, WebURLRequest::RequestContext |
// Roll blockable content up into a single counter, count unblocked types individually so we |
// can determine when they can be safely moved to the blockable category: |
- ContextType contextType = contextTypeFromContext(requestContext); |
+ ContextType contextType = contextTypeFromContext(requestContext, frame); |
if (contextType == ContextTypeBlockable) { |
UseCounter::count(frame, UseCounter::MixedContentBlockable); |
return; |
@@ -304,7 +309,7 @@ bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req |
// the client checks in order to prevent degrading the site's security UI. |
bool strictMode = mixedFrame->document()->shouldEnforceStrictMixedContentChecking() || settings->strictMixedContentChecking(); |
- ContextType contextType = contextTypeFromContext(requestContext); |
+ ContextType contextType = contextTypeFromContext(requestContext, mixedFrame); |
// If we're loading the main resource of a subframe, we need to take a close look at the loaded URL. |
// If we're dealing with a CORS-enabled scheme, then block mixed frames as active content. Otherwise, |