Downgrade lock icon for broken-HTTPS subresources

third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
index fdcc09b14a13bba18e331b1fa85bb1848942e2f5..82c9a49a0cf1377fa67172cd63514be9733420f8 100644
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
@@ -458,6 +458,24 @@ LocalFrame* MixedContentChecker::effectiveFrameForFrameType(LocalFrame* frame, W
     return effectiveFrame;
 }
 
+void MixedContentChecker::handleCertificateError(LocalFrame* frame, const KURL& url, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const CString& securityInfo)
+{
+    if (frameType == WebURLRequest::FrameTypeTopLevel || !frame)
+        return;
+
+    FrameLoaderClient* client = frame->loader().client();
+    ContextType contextType = MixedContentChecker::contextTypeFromContext(requestContext, frame);
+    if (contextType == ContextTypeBlockable) {
+        client->didRunContentWithCertificateErrors(url, securityInfo, frame->document()->url(), frame->loader().documentLoader()->response().getSecurityInfo());
+    } else {
+        // contextTypeFromContext() never returns NotMixedContent (it
+        // computes the type of mixed content, given that the content is
+        // mixed).
+        ASSERT(contextType != ContextTypeNotMixedContent);
+        client->didDisplayContentWithCertificateErrors(url, securityInfo, frame->document()->url(), frame->loader().documentLoader()->response().getSecurityInfo());
+    }

[Mike West, 2015/11/27 05:30:38]

Should we output a console message noting the responsible resource? Or are we
leaving that up to the security panel? If the latter, will we be moving all
mixed content messages there?

[estark, 2015/11/28 02:46:56]

Done. I think we should keep the console messages in addition to making note of
mixed content in the security panel. (In  a follow-up CL, I'll be tweaking the
security panel UI for resources with certificate errors. Right now they'll show
up as normal mixed content in the security panel.)

[estark, 2015/11/30 18:13:27]

Mike: Oops, this turned out to be more complicated than I thought. Logging to
console here doesn't do quite the right thing (as revealed by the test
failures): it'll print a console message even if content/ decides that the
certificate error isn't relevant. I think to fix this the console message will
have to be initiated from content/ after it decides what to do with the
certificate error, which is totally do-able, but I think I'll do it in a
follow-up CL since this one is already quite large.

+}
+
 MixedContentChecker::ContextType MixedContentChecker::contextTypeForInspector(LocalFrame* frame, const ResourceRequest& request)
 {
     LocalFrame* effectiveFrame = effectiveFrameForFrameType(frame, request.frameType());