Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 298 // static | 298 // static |
| 299 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req uestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url, MixedContentChecker::ReportingStatus reportingStatus) | 299 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req uestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url, MixedContentChecker::ReportingStatus reportingStatus) |
| 300 { | 300 { |
| 301 LocalFrame* mixedFrame = inWhichFrameIsContentMixed(frame, frameType, url); | 301 LocalFrame* mixedFrame = inWhichFrameIsContentMixed(frame, frameType, url); |
| 302 if (!mixedFrame) | 302 if (!mixedFrame) |
| 303 return false; | 303 return false; |
| 304 | 304 |
| 305 MixedContentChecker::count(mixedFrame, requestContext); | 305 MixedContentChecker::count(mixedFrame, requestContext); |
| 306 | 306 |
| 307 Settings* settings = mixedFrame->settings(); | 307 Settings* settings = mixedFrame->settings(); |
| 308 FrameLoaderClient* client = mixedFrame->loader().client(); | 308 FrameLoaderClient* client = frame->loader().client(); |
| 309 SecurityOrigin* securityOrigin = mixedFrame->document()->securityOrigin(); | 309 SecurityOrigin* securityOrigin = mixedFrame->document()->securityOrigin(); |
| 310 bool allowed = false; | 310 bool allowed = false; |
| 311 | 311 |
| 312 // If we're in strict mode, we'll automagically fail everything, and intenti onally skip | 312 // If we're in strict mode, we'll automagically fail everything, and intenti onally skip |
| 313 // the client checks in order to prevent degrading the site's security UI. | 313 // the client checks in order to prevent degrading the site's security UI. |
| 314 bool strictMode = mixedFrame->securityContext()->shouldEnforceStrictMixedCon tentChecking() || settings->strictMixedContentChecking(); | 314 bool strictMode = mixedFrame->securityContext()->shouldEnforceStrictMixedCon tentChecking() || settings->strictMixedContentChecking(); |
| 315 | 315 |
| 316 ContextType contextType = contextTypeFromContext(requestContext, mixedFrame) ; | 316 ContextType contextType = contextTypeFromContext(requestContext, mixedFrame) ; |
| 317 | 317 |
| 318 // If we're loading the main resource of a subframe, we need to take a close look at the loaded URL. | 318 // If we're loading the main resource of a subframe, we need to take a close look at the loaded URL. |
| 319 // If we're dealing with a CORS-enabled scheme, then block mixed frames as a ctive content. Otherwise, | 319 // If we're dealing with a CORS-enabled scheme, then block mixed frames as a ctive content. Otherwise, |
| 320 // treat frames as passive content. | 320 // treat frames as passive content. |
| 321 // | 321 // |
| 322 // FIXME: Remove this temporary hack once we have a reasonable API for launc hing external applications | 322 // FIXME: Remove this temporary hack once we have a reasonable API for launc hing external applications |
| 323 // via URLs. http://crbug.com/318788 and https://crbug.com/393481 | 323 // via URLs. http://crbug.com/318788 and https://crbug.com/393481 |
| 324 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTr eatURLSchemeAsCORSEnabled(url.protocol())) | 324 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTr eatURLSchemeAsCORSEnabled(url.protocol())) |
| 325 contextType = ContextTypeOptionallyBlockable; | 325 contextType = ContextTypeOptionallyBlockable; |
| 326 | 326 |
| 327 switch (contextType) { | 327 switch (contextType) { |
| 328 case ContextTypeOptionallyBlockable: | 328 case ContextTypeOptionallyBlockable: |
| 329 if (!strictMode) | |
|
alexmos
2016/01/09 01:39:02
I know this preserves original behavior, but do yo
| |
| 330 mixedFrame->client()->triedDisplayingInsecureContent(securityOrigin, url); | |
| 329 allowed = !strictMode && client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url); | 331 allowed = !strictMode && client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url); |
|
alexmos
2016/01/09 01:39:02
This could benefit from a comment somewhere explai
| |
| 330 if (allowed) | 332 if (allowed) |
| 331 client->didDisplayInsecureContent(); | 333 client->didDisplayInsecureContent(); |
| 332 break; | 334 break; |
| 333 | 335 |
| 334 case ContextTypeBlockable: { | 336 case ContextTypeBlockable: { |
| 335 // Strictly block subresources in subframes, unless all insecure | 337 // Strictly block subresources in subframes, unless all insecure |
| 336 // content is allowed. | 338 // content is allowed. |
| 337 if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubre source(frame, frameType)) { | 339 if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubre source(frame, frameType)) { |
| 338 UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSub frameBlocked); | 340 UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSub frameBlocked); |
| 339 allowed = false; | 341 allowed = false; |
| 340 break; | 342 break; |
| 341 } | 343 } |
| 342 | 344 |
| 343 bool shouldAskEmbedder = !strictMode && settings && (!settings->strictly BlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); | 345 bool shouldAskEmbedder = !strictMode && settings && (!settings->strictly BlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); |
| 346 if (shouldAskEmbedder) | |
| 347 mixedFrame->client()->triedRunningInsecureContent(securityOrigin, ur l); | |
| 344 allowed = shouldAskEmbedder && client->allowRunningInsecureContent(setti ngs && settings->allowRunningOfInsecureContent(), securityOrigin, url); | 348 allowed = shouldAskEmbedder && client->allowRunningInsecureContent(setti ngs && settings->allowRunningOfInsecureContent(), securityOrigin, url); |
| 345 if (allowed) { | 349 if (allowed) { |
| 346 client->didRunInsecureContent(securityOrigin, url); | 350 client->didRunInsecureContent(securityOrigin, url); |
| 347 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllow ed); | 351 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllow ed); |
| 348 } | 352 } |
| 349 break; | 353 break; |
| 350 } | 354 } |
| 351 | 355 |
| 352 case ContextTypeShouldBeBlockable: | 356 case ContextTypeShouldBeBlockable: |
| 353 allowed = !strictMode; | 357 allowed = !strictMode; |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 379 bool MixedContentChecker::shouldBlockWebSocket(LocalFrame* frame, const KURL& ur l, MixedContentChecker::ReportingStatus reportingStatus) | 383 bool MixedContentChecker::shouldBlockWebSocket(LocalFrame* frame, const KURL& ur l, MixedContentChecker::ReportingStatus reportingStatus) |
| 380 { | 384 { |
| 381 LocalFrame* mixedFrame = inWhichFrameIsContentMixed(frame, WebURLRequest::Fr ameTypeNone, url); | 385 LocalFrame* mixedFrame = inWhichFrameIsContentMixed(frame, WebURLRequest::Fr ameTypeNone, url); |
| 382 if (!mixedFrame) | 386 if (!mixedFrame) |
| 383 return false; | 387 return false; |
| 384 | 388 |
| 385 UseCounter::count(mixedFrame, UseCounter::MixedContentPresent); | 389 UseCounter::count(mixedFrame, UseCounter::MixedContentPresent); |
| 386 UseCounter::count(mixedFrame, UseCounter::MixedContentWebSocket); | 390 UseCounter::count(mixedFrame, UseCounter::MixedContentWebSocket); |
| 387 | 391 |
| 388 Settings* settings = mixedFrame->settings(); | 392 Settings* settings = mixedFrame->settings(); |
| 389 FrameLoaderClient* client = mixedFrame->loader().client(); | 393 FrameLoaderClient* client = mixedFrame->loader().client(); |
|
alexmos
2016/01/09 01:39:02
Should this also become frame->loader().client()?
| |
| 390 SecurityOrigin* securityOrigin = mixedFrame->document()->securityOrigin(); | 394 SecurityOrigin* securityOrigin = mixedFrame->document()->securityOrigin(); |
| 391 bool allowed = false; | 395 bool allowed = false; |
| 392 | 396 |
| 393 // If we're in strict mode, we'll automagically fail everything, and intenti onally skip | 397 // If we're in strict mode, we'll automagically fail everything, and intenti onally skip |
| 394 // the client checks in order to prevent degrading the site's security UI. | 398 // the client checks in order to prevent degrading the site's security UI. |
| 395 bool strictMode = mixedFrame->document()->shouldEnforceStrictMixedContentChe cking() || settings->strictMixedContentChecking(); | 399 bool strictMode = mixedFrame->document()->shouldEnforceStrictMixedContentChe cking() || settings->strictMixedContentChecking(); |
| 396 if (!strictMode) { | 400 if (!strictMode) { |
| 397 bool allowedPerSettings = settings && settings->allowRunningOfInsecureCo ntent(); | 401 bool allowedPerSettings = settings && settings->allowRunningOfInsecureCo ntent(); |
| 402 mixedFrame->client()->triedRunningInsecureContent(securityOrigin, url); | |
| 398 allowed = client->allowRunningInsecureContent(allowedPerSettings, securi tyOrigin, url); | 403 allowed = client->allowRunningInsecureContent(allowedPerSettings, securi tyOrigin, url); |
| 399 } | 404 } |
| 400 | 405 |
| 401 if (allowed) | 406 if (allowed) |
| 402 client->didRunInsecureContent(securityOrigin, url); | 407 client->didRunInsecureContent(securityOrigin, url); |
| 403 | 408 |
| 404 if (reportingStatus == SendReport) | 409 if (reportingStatus == SendReport) |
| 405 logToConsoleAboutWebSocket(frame, url, allowed); | 410 logToConsoleAboutWebSocket(frame, url, allowed); |
| 406 return !allowed; | 411 return !allowed; |
| 407 } | 412 } |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 488 | 493 |
| 489 // See comment in shouldBlockFetch() about loading the main resource of a su bframe. | 494 // See comment in shouldBlockFetch() about loading the main resource of a su bframe. |
| 490 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry ::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { | 495 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry ::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { |
| 491 return ContextTypeOptionallyBlockable; | 496 return ContextTypeOptionallyBlockable; |
| 492 } | 497 } |
| 493 | 498 |
| 494 return contextTypeFromContext(request.requestContext(), mixedFrame); | 499 return contextTypeFromContext(request.requestContext(), mixedFrame); |
| 495 } | 500 } |
| 496 | 501 |
| 497 } // namespace blink | 502 } // namespace blink |
| OLD | NEW |
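Review bot: `settings` is dereferenced without a null check at new lines 314 (`settings->strictMixedContentChecking()`) and 339 (`!settings->allowRunningOfInsecureContent()`), while the same pointer is guarded with `settings &&` at 331 and 345; shouldBlockWebSocket has the same split between 399 and 401. If `mixedFrame->settings()` can be null, the strict-mode computation crashes before any block/allow decision is reached; if it cannot, the guards are dead code that hides the real invariant from the next reader of this security check. Since the patch already reworks these paths, I would settle it one way, preferably failing closed: `|| (settings && settings->strictMixedContentChecking())` at 314 and 399, and `if (!(settings && settings->allowRunningOfInsecureContent()) && requestIsSubframeSubresource(frame, frameType))` at 339. The tail of shouldBlockFetch (after new line 357) is collapsed on this page, so any further uses of `settings` there are not visible and should be checked too.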