Chromium Code Reviews Chromium Code Reviews
Issue 1415923015:
Downgrade lock icon for broken-HTTPS subresources (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/ssl/ssl_browser_tests.cc |
| diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc |
| index 1d7e7c89fbc47cea3673a0928e72bbb9e9421bf0..39ee9111990f36ba978beb7abe8950efb035e223 100644 |
| --- a/chrome/browser/ssl/ssl_browser_tests.cc |
| +++ b/chrome/browser/ssl/ssl_browser_tests.cc |
| @@ -2117,10 +2117,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) { |
| // This test, and the related test TestUnsafeContentsWithUserException, verify |
| // that if unsafe content is loaded but the host of that unsafe content has a |
| -// user exception, the content runs and the security style remains |
| -// authenticated. This is not necessarily the behavior that should exist, but it |
| -// is verification that it does behave that way. See https://crbug.com/477868 |
| -// for more inforamtion on this. |
| +// user exception, the content runs and the security style is downgraded. |
| IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerWithUserException) { |
| ASSERT_TRUE(https_server_.Start()); |
| // Note that it is necessary to user https_server_mismatched_ here over the |
| @@ -2150,14 +2147,12 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerWithUserException) { |
| ui_test_utils::NavigateToURL( |
| browser(), https_server_.GetURL(page_with_unsafe_worker_path)); |
| CheckWorkerLoadResult(tab, true); // Worker loads insecure content |
| - CheckAuthenticatedState(tab, CertError::NONE); |
| + CheckAuthenticationBrokenState(tab, CertError::NONE, |
| + AuthState::RAN_INSECURE_CONTENT); |
| } |
| // Visits a page with unsafe content and makes sure that if a user exception to |
| // the certificate error is present, the image is loaded and script executes. |
| -// |
| -// See the comment above SSLUITest.TestUnsafeContentsInWorkerWithUserException |
| -// for a discussion about the desired behavior. |
| IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) { |
| ASSERT_TRUE(https_server_.Start()); |
| // Note that it is necessary to user https_server_mismatched_ here over the |
| @@ -2185,9 +2180,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) { |
| ui_test_utils::NavigateToURL(browser(), |
| https_server_.GetURL(replacement_path)); |
| - // When the bad content is filtered, the state is expected to be |
| - // authenticated. |
| - CheckAuthenticatedState(tab, AuthState::NONE); |
| + CheckAuthenticationBrokenState( |
| + tab, CertError::NONE, |
| + AuthState::RAN_INSECURE_CONTENT | AuthState::DISPLAYED_INSECURE_CONTENT); |
| int img_width; |
| EXPECT_TRUE(content::ExecuteScriptAndExtractInt( |
| @@ -2201,7 +2196,57 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) { |
| EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| tab, "window.domAutomationController.send(IsFooSet());", &js_result)); |
| EXPECT_TRUE(js_result); |
| - CheckAuthenticatedState(tab, CertError::NONE); |
| + |
| + // Test that subresources with the same certificate errors as the main |
| + // resources don't cause mixed content UI downgrades. (Such errors |
| + // would be confusing and duplicative.) |
|
jww
2015/11/20 01:25:08
Mention that this is testing *active* content?
estark
2015/11/23 23:40:24
Done.
|
| + ui_test_utils::NavigateToURL( |
| + browser(), https_server_mismatched_.GetURL(replacement_path)); |
| + js_result = false; |
| + EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| + tab, "window.domAutomationController.send(IsFooSet());", &js_result)); |
| + EXPECT_TRUE(js_result); |
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
| + AuthState::NONE); |
| +} |
| + |
| +// Like the test above, but only displaying an image. |
|
jww
2015/11/20 01:25:08
Mention that this is testing *inactive* content?
estark
2015/11/23 23:40:24
Done.
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeImageWithUserException) { |
| + ASSERT_TRUE(https_server_.Start()); |
| + // Note that it is necessary to user https_server_mismatched_ here over the |
| + // other invalid cert servers. This is because the test relies on the two |
| + // servers having different hosts since SSL exceptions are per-host, not per |
| + // origin, and https_server_mismatched_ uses 'localhost' rather than |
| + // '127.0.0.1'. |
| + ASSERT_TRUE(https_server_mismatched_.Start()); |
|
jww
2015/11/20 01:25:08
It seems like a lot of this is similar/identical b
estark
2015/11/23 23:40:24
Done.
|
| + |
| + // Navigate to an unsafe site. Proceed with interstitial page to indicate |
| + // the user approves the bad certificate. |
| + ui_test_utils::NavigateToURL( |
| + browser(), https_server_mismatched_.GetURL("/ssl/blank_page.html")); |
| + WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
| + AuthState::SHOWING_INTERSTITIAL); |
| + ProceedThroughInterstitial(tab); |
| + CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID, |
| + AuthState::NONE); |
| + |
| + std::string replacement_path; |
| + GetFilePathWithHostAndPortReplacement( |
| + "/ssl/page_with_unsafe_image.html", |
| + https_server_mismatched_.host_port_pair(), &replacement_path); |
| + ui_test_utils::NavigateToURL(browser(), |
| + https_server_.GetURL(replacement_path)); |
| + |
| + CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT); |
| + |
| + int img_width; |
| + EXPECT_TRUE(content::ExecuteScriptAndExtractInt( |
| + tab, "window.domAutomationController.send(ImageWidth());", &img_width)); |
| + // In order to check that the image was loaded, we check its width. |
| + // The actual image (Google logo) is 114 pixels wide, so we assume a good |
| + // image is greater than 100. |
| + EXPECT_GT(img_width, 100); |
| } |
| // Test that when the browser blocks displaying insecure content (images), the |
