Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1187)

Unified Diff: Source/core/loader/MixedContentChecker.cpp

Issue 1299493003: Attach mixed content status to resource requests when sent to devtools (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: isMixedContent() -> ContextTypeNotMixedContent, and rename devtools protocol enum Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: Source/core/loader/MixedContentChecker.cpp
diff --git a/Source/core/loader/MixedContentChecker.cpp b/Source/core/loader/MixedContentChecker.cpp
index 449058f80cec9b82bb8e0a250f6ee313b3b95c8c..f3d6ce34e2ab9679811fe6ecb0a7730b061abd19 100644
--- a/Source/core/loader/MixedContentChecker.cpp
+++ b/Source/core/loader/MixedContentChecker.cpp
@@ -38,6 +38,7 @@
#include "core/loader/FrameLoader.h"
#include "core/loader/FrameLoaderClient.h"
#include "platform/RuntimeEnabledFeatures.h"
+#include "platform/network/ResourceRequest.h"
#include "platform/weborigin/SchemeRegistry.h"
#include "platform/weborigin/SecurityOrigin.h"
#include "public/platform/Platform.h"
@@ -99,7 +100,7 @@ LocalFrame* MixedContentChecker::inWhichFrameIsContentMixed(LocalFrame* frame, W
}
// static
-MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(WebURLRequest::RequestContext context, LocalFrame* frame)
+ResourceRequest::ContextType MixedContentChecker::contextTypeFromContext(WebURLRequest::RequestContext context, LocalFrame* frame)
{
switch (context) {
// "Optionally-blockable" mixed content
@@ -107,12 +108,12 @@ MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(Web
case WebURLRequest::RequestContextFavicon:
case WebURLRequest::RequestContextImage:
case WebURLRequest::RequestContextVideo:
- return ContextTypeOptionallyBlockable;
+ return ResourceRequest::ContextTypeOptionallyBlockable;
// Plugins! Oh how dearly we love plugin-loaded content!
case WebURLRequest::RequestContextPlugin: {
Settings* settings = frame->settings();
- return settings || settings->strictMixedContentCheckingForPlugin() ? ContextTypeBlockable : ContextTypeOptionallyBlockable;
+ return settings || settings->strictMixedContentCheckingForPlugin() ? ResourceRequest::ContextTypeBlockable : ResourceRequest::ContextTypeOptionallyBlockable;
}
// "Blockable" mixed content
@@ -141,19 +142,19 @@ MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(Web
case WebURLRequest::RequestContextWorker:
case WebURLRequest::RequestContextXMLHttpRequest:
case WebURLRequest::RequestContextXSLT:
- return ContextTypeBlockable;
+ return ResourceRequest::ContextTypeBlockable;
// FIXME: Contexts that we should block, but don't currently. https://crbug.com/388650
case WebURLRequest::RequestContextDownload:
case WebURLRequest::RequestContextInternal:
case WebURLRequest::RequestContextPrefetch:
- return ContextTypeShouldBeBlockable;
+ return ResourceRequest::ContextTypeShouldBeBlockable;
case WebURLRequest::RequestContextUnspecified:
ASSERT_NOT_REACHED();
}
ASSERT_NOT_REACHED();
- return ContextTypeBlockable;
+ return ResourceRequest::ContextTypeBlockable;
}
// static
@@ -251,8 +252,8 @@ void MixedContentChecker::count(LocalFrame* frame, WebURLRequest::RequestContext
// Roll blockable content up into a single counter, count unblocked types individually so we
// can determine when they can be safely moved to the blockable category:
- ContextType contextType = contextTypeFromContext(requestContext, frame);
- if (contextType == ContextTypeBlockable) {
+ ResourceRequest::ContextType contextType = contextTypeFromContext(requestContext, frame);
+ if (contextType == ResourceRequest::ContextTypeBlockable) {
UseCounter::count(frame, UseCounter::MixedContentBlockable);
return;
}
@@ -292,11 +293,14 @@ void MixedContentChecker::count(LocalFrame* frame, WebURLRequest::RequestContext
}
// static
-bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url, MixedContentChecker::ReportingStatus reportingStatus)
+bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, ResourceRequest* request, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url, MixedContentChecker::ReportingStatus reportingStatus)
{
LocalFrame* mixedFrame = inWhichFrameIsContentMixed(frame, frameType, url);
- if (!mixedFrame)
+ if (!mixedFrame) {
+ if (request)
+ request->setContextType(ResourceRequest::ContextTypeNotMixedContent);
pfeldman 2015/08/17 20:32:52 Sorry for not taking a look at it earlier. You sho
estark 2015/08/17 20:36:22 Mike preferred setting it here on the request. If
return false;
+ }
MixedContentChecker::count(mixedFrame, requestContext);
@@ -309,7 +313,7 @@ bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req
// the client checks in order to prevent degrading the site's security UI.
bool strictMode = mixedFrame->document()->shouldEnforceStrictMixedContentChecking() || settings->strictMixedContentChecking();
- ContextType contextType = contextTypeFromContext(requestContext, mixedFrame);
+ ResourceRequest::ContextType contextType = contextTypeFromContext(requestContext, mixedFrame);
// If we're loading the main resource of a subframe, we need to take a close look at the loaded URL.
// If we're dealing with a CORS-enabled scheme, then block mixed frames as active content. Otherwise,
@@ -318,16 +322,16 @@ bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req
// FIXME: Remove this temporary hack once we have a reasonable API for launching external applications
// via URLs. http://crbug.com/318788 and https://crbug.com/393481
if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol()))
- contextType = ContextTypeOptionallyBlockable;
+ contextType = ResourceRequest::ContextTypeOptionallyBlockable;
switch (contextType) {
- case ContextTypeOptionallyBlockable:
+ case ResourceRequest::ContextTypeOptionallyBlockable:
allowed = !strictMode && client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
if (allowed)
client->didDisplayInsecureContent();
break;
- case ContextTypeBlockable: {
+ case ResourceRequest::ContextTypeBlockable: {
bool shouldAskEmbedder = !strictMode && settings && (!settings->strictlyBlockBlockableMixedContent() || settings->allowRunningOfInsecureContent());
allowed = shouldAskEmbedder && client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), securityOrigin, url);
if (allowed) {
@@ -337,13 +341,19 @@ bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req
break;
}
- case ContextTypeShouldBeBlockable:
+ case ResourceRequest::ContextTypeShouldBeBlockable:
allowed = !strictMode;
if (allowed)
client->didDisplayInsecureContent();
break;
+ case ResourceRequest::ContextTypeNotMixedContent:
+ ASSERT_NOT_REACHED();
+ break;
};
+ if (request)
+ request->setContextType(contextType);
+
if (reportingStatus == SendReport)
logToConsoleAboutFetch(frame, url, requestContext, allowed);
return !allowed;

Powered by Google App Engine
This is Rietveld 408576698