content/browser/ssl/ssl_manager.cc - Issue 1415923015: Downgrade lock icon for broken-HTTPS subresources

Side by Side Diff: content/browser/ssl/ssl_manager.cc

Issue 1415923015: Downgrade lock icon for broken-HTTPS subresources (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: remove unnecessary includes Created 5 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/ssl/ssl_manager.h"	5 #include "content/browser/ssl/ssl_manager.h"

6	6

7 #include <set>	7 #include <set>

8	8

9 #include "base/bind.h"	9 #include "base/bind.h"

10 #include "base/strings/utf_string_conversions.h"	10 #include "base/strings/utf_string_conversions.h"

(...skipping 109 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
120 entry->GetSSL() = details.ssl_status;	120 entry->GetSSL() = details.ssl_status;

121 }	121 }

122 }	122 }

123	123

124 policy()->UpdateEntry(entry, controller_->delegate()->GetWebContents());	124 policy()->UpdateEntry(entry, controller_->delegate()->GetWebContents());

125 // Always notify the WebContents that the SSL state changed when a	125 // Always notify the WebContents that the SSL state changed when a

126 // load is committed, in case the active navigation entry has changed.	126 // load is committed, in case the active navigation entry has changed.

127 NotifyDidChangeVisibleSSLState();	127 NotifyDidChangeVisibleSSLState();

128 }	128 }

129	129

130 void SSLManager::DidDisplayInsecureContent() {

131 UpdateEntry(controller_->GetLastCommittedEntry());

132 }

133

134 void SSLManager::DidRunInsecureContent(const std::string& security_origin) {	130 void SSLManager::DidRunInsecureContent(const std::string& security_origin) {

135 NavigationEntryImpl* navigation_entry = controller_->GetLastCommittedEntry();	131 NavigationEntryImpl* navigation_entry = controller_->GetLastCommittedEntry();

136 policy()->DidRunInsecureContent(navigation_entry, security_origin);	132 policy()->DidRunInsecureContent(navigation_entry, security_origin);

137 UpdateEntry(navigation_entry);	133 UpdateEntry(navigation_entry);

138 }	134 }

139	135

	136 bool SSLManager::IsContentWithCertificateErrorsRelevant(const GURL& url,

	137 const SSLStatus& ssl) {

	138 // Do not handle subresource certificate errors if the main page is

	139 // not loaded over HTTPS.

	140 NavigationEntryImpl* entry = controller_->GetLastCommittedEntry();

	141 if (!entry \|\| !entry->GetSSL().cert_id)
	jww 2015/11/20 01:25:08 We talked about this a while back, and I forget al We talked about this a while back, and I forget all the details, but doesn't a cert_id of 0 indicate that it's unset or invalid? And if the SSLStatus is invalid, is that really "no errors"? These are really honest questions, because I can't remember. estark 2015/11/23 23:40:24 So I ended up moving this to the renderer and chan Show quoted text On 2015/11/20 01:25:08, jww wrote: > We talked about this a while back, and I forget all the details, but doesn't a > cert_id of 0 indicate that it's unset or invalid? And if the SSLStatus is > invalid, is that really "no errors"? These are really honest questions, because > I can't remember. So I ended up moving this to the renderer and changing the check to just be SchemeIsCryptographic() on the main resource. Does that seem right to you? jww 2015/11/25 19:24:02 It doesn't seem like there's any increased securit Show quoted text On 2015/11/23 23:40:24, estark wrote: > On 2015/11/20 01:25:08, jww wrote: > > We talked about this a while back, and I forget all the details, but doesn't a > > cert_id of 0 indicate that it's unset or invalid? And if the SSLStatus is > > invalid, is that really "no errors"? These are really honest questions, > because > > I can't remember. > > So I ended up moving this to the renderer and changing the check to just be > SchemeIsCryptographic() on the main resource. Does that seem right to you? It doesn't seem like there's any increased security risk here, since ultimately the renderer is deciding the state anyway, and his could all be ignored. The only consideration is if this will someday all end up being in the Browser anyway, but I'm not too worried about that.
	142 return false;

	143

	144 // Do not handle subresource certificate errors if they are the same

	145 // as errors that occured during the main page load. This compares

	146 // most, but not all, fields of SSLStatus. For example, this check

	147 // does not compare \|content_status\| because the navigation entry

	148 // might have mixed content but also have the exact same SSL

	149 // connection properties as the subresource, thereby making the

	150 // subresource errors duplicative.
	jww 2015/11/20 01:25:08 Why is security_style not covered by this? Because Why is security_style not covered by this? Because all of the following bits imply a particular style? estark 2015/11/23 23:40:24 I think just an omission on my part. (The followin Show quoted text On 2015/11/20 01:25:08, jww wrote: > Why is security_style not covered by this? Because all of the following bits > imply a particular style? I think just an omission on my part. (The following bits do imply a particular style, but I think it's better not to rely on that.)
	151 return (!url::Origin(entry->GetURL()).IsSameOriginWith(url::Origin(url)) \|\|

	152 entry->GetSSL().cert_id != ssl.cert_id \|\|

	153 entry->GetSSL().cert_status != ssl.cert_status \|\|

	154 entry->GetSSL().security_bits != ssl.security_bits \|\|

	155 entry->GetSSL().connection_status != ssl.connection_status);

	156 }

	157

140 void SSLManager::DidLoadFromMemoryCache(	158 void SSLManager::DidLoadFromMemoryCache(

141 const LoadFromMemoryCacheDetails& details) {	159 const LoadFromMemoryCacheDetails& details) {

142 // Simulate loading this resource through the usual path.	160 // Simulate loading this resource through the usual path.

143 // Note that we specify SUB_RESOURCE as the resource type as WebCore only	161 // Note that we specify SUB_RESOURCE as the resource type as WebCore only

144 // caches sub-resources.	162 // caches sub-resources.

145 // This resource must have been loaded with no filtering because filtered	163 // This resource must have been loaded with no filtering because filtered

146 // resouces aren't cachable.	164 // resouces aren't cachable.

147 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(	165 scoped_refptr<SSLRequestInfo> info(new SSLRequestInfo(

148 details.url,	166 details.url,

149 RESOURCE_TYPE_SUB_RESOURCE,	167 RESOURCE_TYPE_SUB_RESOURCE,

(...skipping 43 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
193 NotifyDidChangeVisibleSSLState();	211 NotifyDidChangeVisibleSSLState();

194 }	212 }

195	213

196 void SSLManager::NotifyDidChangeVisibleSSLState() {	214 void SSLManager::NotifyDidChangeVisibleSSLState() {

197 WebContentsImpl* contents =	215 WebContentsImpl* contents =

198 static_cast<WebContentsImpl*>(controller_->delegate()->GetWebContents());	216 static_cast<WebContentsImpl*>(controller_->delegate()->GetWebContents());

199 contents->DidChangeVisibleSSLState();	217 contents->DidChangeVisibleSSLState();

200 }	218 }

201	219

202 } // namespace content	220 } // namespace content

OLD	NEW

« content/browser/ssl/ssl_manager.h ('K') | « content/browser/ssl/ssl_manager.h ('k') | content/browser/ssl/ssl_policy.cc » ('j') | content/browser/web_contents/web_contents_impl.cc » ('J')