OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 42 matching lines...)
53 // make sure we're not breaking the world without realizing it. | 53 // make sure we're not breaking the world without realizing it. |
54 SecurityOrigin* origin = frame->document()->securityOrigin(); | 54 SecurityOrigin* origin = frame->document()->securityOrigin(); |
55 if (MixedContentChecker::isMixedContent(origin, url)) { | 55 if (MixedContentChecker::isMixedContent(origin, url)) { |
56 if (frame->document()->securityOrigin()->protocol() != "https") | 56 if (frame->document()->securityOrigin()->protocol() != "https") |
57 UseCounter::count(frame, UseCounter::MixedContentInNonHTTPSFrameThat
RestrictsMixedContent); | 57 UseCounter::count(frame, UseCounter::MixedContentInNonHTTPSFrameThat
RestrictsMixedContent); |
58 } else if (!SecurityOrigin::isSecure(url) && SchemeRegistry::shouldTreatURLS
chemeAsSecure(origin->protocol())) { | 58 } else if (!SecurityOrigin::isSecure(url) && SchemeRegistry::shouldTreatURLS
chemeAsSecure(origin->protocol())) { |
59 UseCounter::count(frame, UseCounter::MixedContentInSecureFrameThatDoesNo
tRestrictMixedContent); | 59 UseCounter::count(frame, UseCounter::MixedContentInSecureFrameThatDoesNo
tRestrictMixedContent); |
60 } | 60 } |
61 } | 61 } |
62 | 62 |
| 63 bool requestIsSubframeSubresource(LocalFrame* frame, WebURLRequest::FrameType fr
ameType) |
| 64 { |
| 65 return (frame && frame != frame->tree().top() && frameType != WebURLRequest:
:FrameTypeNested); |
| 66 } |
| 67 |
63 // static | 68 // static |
64 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K
URL& url) | 69 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K
URL& url) |
65 { | 70 { |
66 if (!SchemeRegistry::shouldTreatURLSchemeAsRestrictingMixedContent(securityO
rigin->protocol())) | 71 if (!SchemeRegistry::shouldTreatURLSchemeAsRestrictingMixedContent(securityO
rigin->protocol())) |
67 return false; | 72 return false; |
68 | 73 |
69 // We're in a secure context, so |url| is mixed content if it's insecure. | 74 // We're in a secure context, so |url| is mixed content if it's insecure. |
70 return !SecurityOrigin::isSecure(url); | 75 return !SecurityOrigin::isSecure(url); |
71 } | 76 } |
72 | 77 |
(...skipping 248 matching lines...)
321 contextType = ContextTypeOptionallyBlockable; | 326 contextType = ContextTypeOptionallyBlockable; |
322 | 327 |
323 switch (contextType) { | 328 switch (contextType) { |
324 case ContextTypeOptionallyBlockable: | 329 case ContextTypeOptionallyBlockable: |
325 allowed = !strictMode && client->allowDisplayingInsecureContent(settings
&& settings->allowDisplayOfInsecureContent(), securityOrigin, url); | 330 allowed = !strictMode && client->allowDisplayingInsecureContent(settings
&& settings->allowDisplayOfInsecureContent(), securityOrigin, url); |
326 if (allowed) | 331 if (allowed) |
327 client->didDisplayInsecureContent(); | 332 client->didDisplayInsecureContent(); |
328 break; | 333 break; |
329 | 334 |
330 case ContextTypeBlockable: { | 335 case ContextTypeBlockable: { |
| 336 // Strictly block subresources in subframes, unless all insecure |
| 337 // content is allowed. |
| 338 if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubre
source(frame, frameType)) { |
| 339 UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSub
frameBlocked); |
| 340 allowed = false; |
| 341 break; |
| 342 } |
| 343 |
331 bool shouldAskEmbedder = !strictMode && settings && (!settings->strictly
BlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); | 344 bool shouldAskEmbedder = !strictMode && settings && (!settings->strictly
BlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); |
332 allowed = shouldAskEmbedder && client->allowRunningInsecureContent(setti
ngs && settings->allowRunningOfInsecureContent(), securityOrigin, url); | 345 allowed = shouldAskEmbedder && client->allowRunningInsecureContent(setti
ngs && settings->allowRunningOfInsecureContent(), securityOrigin, url); |
333 if (allowed) { | 346 if (allowed) { |
334 client->didRunInsecureContent(securityOrigin, url); | 347 client->didRunInsecureContent(securityOrigin, url); |
335 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllow
ed); | 348 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllow
ed); |
336 } | 349 } |
337 break; | 350 break; |
338 } | 351 } |
339 | 352 |
340 case ContextTypeShouldBeBlockable: | 353 case ContextTypeShouldBeBlockable: |
(...skipping 114 matching lines...)
455 | 468 |
456 // See comment in shouldBlockFetch() about loading the main resource of a su
bframe. | 469 // See comment in shouldBlockFetch() about loading the main resource of a su
bframe. |
457 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry
::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { | 470 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry
::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { |
458 return ContextTypeOptionallyBlockable; | 471 return ContextTypeOptionallyBlockable; |
459 } | 472 } |
460 | 473 |
461 return contextTypeFromContext(request.requestContext(), mixedFrame); | 474 return contextTypeFromContext(request.requestContext(), mixedFrame); |
462 } | 475 } |
463 | 476 |
464 } // namespace blink | 477 } // namespace blink |
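Review bot: The new early-block check at new line 338 dereferences `settings` unguarded (`!settings->allowRunningOfInsecureContent()`), while the neighbouring uses in the same switch (new lines 330, 344 and 345) all guard it with `settings &&`; if `settings` can be null here, this mixed-content decision path crashes instead of blocking. Guarding it so that a missing settings object fails closed would read `if (!(settings && settings->allowRunningOfInsecureContent()) && requestIsSubframeSubresource(frame, frameType)) {`. The new branch also returns before `strictMode` and `client->allowRunningInsecureContent(...)` are consulted, so the comment at new lines 336-337 should say explicitly that the embedder is never asked for subframe subresources. The enclosing function begins and ends in the skipped regions, so whether `settings` is already null-checked earlier cannot be confirmed from this page.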
OLD | NEW |