Downgrade lock icon for broken-HTTPS subresources

third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 440 matching lines @@
     if (frameType == WebURLRequest::FrameTypeNested) {
         // FIXME: Deal with RemoteFrames.
         Frame* parentFrame = effectiveFrame->tree().parent();
         ASSERT(parentFrame);
         if (parentFrame->isLocalFrame())
             effectiveFrame = toLocalFrame(parentFrame);
     }
     return effectiveFrame;
 }
 
+void MixedContentChecker::handleCertificateError(LocalFrame* frame, const KURL& url, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const CString& securityInfo)
+{
+    if (frameType == WebURLRequest::FrameTypeTopLevel || !frame)
+        return;
+
+    FrameLoaderClient* client = frame->loader().client();
+    ContextType contextType = MixedContentChecker::contextTypeFromContext(requestContext, frame);
+    if (contextType == ContextTypeBlockable) {
+        client->didRunContentWithCertificateErrors(url, securityInfo, frame->document()->url(), frame->loader().documentLoader()->response().getSecurityInfo());
+    } else {
+        // contextTypeFromContext() never returns NotMixedContent (it
+        // computes the type of mixed content, given that the content is
+        // mixed).
+        ASSERT(contextType != ContextTypeNotMixedContent);
+        client->didDisplayContentWithCertificateErrors(url, securityInfo, frame->document()->url(), frame->loader().documentLoader()->response().getSecurityInfo());
+    }

[Mike West, 2015/11/27 05:30:38]

Should we output a console message noting the responsible resource? Or are we
leaving that up to the security panel? If the latter, will we be moving all
mixed content messages there?

[estark, 2015/11/28 02:46:56]

Done. I think we should keep the console messages in addition to making note of
mixed content in the security panel. (In  a follow-up CL, I'll be tweaking the
security panel UI for resources with certificate errors. Right now they'll show
up as normal mixed content in the security panel.)

[estark, 2015/11/30 18:13:27]

Mike: Oops, this turned out to be more complicated than I thought. Logging to
console here doesn't do quite the right thing (as revealed by the test
failures): it'll print a console message even if content/ decides that the
certificate error isn't relevant. I think to fix this the console message will
have to be initiated from content/ after it decides what to do with the
certificate error, which is totally do-able, but I think I'll do it in a
follow-up CL since this one is already quite large.

+}
+
 MixedContentChecker::ContextType MixedContentChecker::contextTypeForInspector(LocalFrame* frame, const ResourceRequest& request)
 {
     LocalFrame* effectiveFrame = effectiveFrameForFrameType(frame, request.frameType());
 
     LocalFrame* mixedFrame = inWhichFrameIsContentMixed(effectiveFrame, request.frameType(), request.url());
     if (!mixedFrame)
         return ContextTypeNotMixedContent;
 
     // See comment in shouldBlockFetch() about loading the main resource of a subframe.
     if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) {
         return ContextTypeOptionallyBlockable;
     }
 
     return contextTypeFromContext(request.requestContext(), mixedFrame);
 }
 
 } // namespace blink