OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 /** | 5 /** |
6 * @constructor | 6 * @constructor |
7 * @extends {WebInspector.PanelWithSidebar} | 7 * @extends {WebInspector.PanelWithSidebar} |
8 * @implements {WebInspector.TargetManager.Observer} | 8 * @implements {WebInspector.TargetManager.Observer} |
9 */ | 9 */ |
10 WebInspector.SecurityPanel = function() | 10 WebInspector.SecurityPanel = function() |
(...skipping 26 matching lines...) Expand all Loading... |
37 | 37 |
38 /** @typedef {string} */ | 38 /** @typedef {string} */ |
39 WebInspector.SecurityPanel.Origin; | 39 WebInspector.SecurityPanel.Origin; |
40 | 40 |
41 /** | 41 /** |
42 * @typedef {Object} | 42 * @typedef {Object} |
43 * @property {!SecurityAgent.SecurityState} securityState - Current security sta
te of the origin. | 43 * @property {!SecurityAgent.SecurityState} securityState - Current security sta
te of the origin. |
44 * @property {?NetworkAgent.SecurityDetails} securityDetails - Security details
of the origin, if available. | 44 * @property {?NetworkAgent.SecurityDetails} securityDetails - Security details
of the origin, if available. |
45 * @property {?Promise<!NetworkAgent.CertificateDetails>} certificateDetailsProm
ise - Certificate details of the origin. Only available if securityDetails are a
vailable. | 45 * @property {?Promise<!NetworkAgent.CertificateDetails>} certificateDetailsProm
ise - Certificate details of the origin. Only available if securityDetails are a
vailable. |
46 * @property {?WebInspector.SecurityOriginView} originView - Current SecurityOri
ginView corresponding to origin. | 46 * @property {?WebInspector.SecurityOriginView} originView - Current SecurityOri
ginView corresponding to origin. |
| 47 * @property {?WebInspector.CSPParser} cspDetails - Content Security Policy deta
ils |
47 */ | 48 */ |
48 WebInspector.SecurityPanel.OriginState; | 49 WebInspector.SecurityPanel.OriginState; |
49 | 50 |
50 WebInspector.SecurityPanel.prototype = { | 51 WebInspector.SecurityPanel.prototype = { |
51 | 52 |
52 /** | 53 /** |
53 * @param {!SecurityAgent.SecurityState} securityState | 54 * @param {!SecurityAgent.SecurityState} securityState |
54 */ | 55 */ |
55 setRanInsecureContentStyle: function(securityState) | 56 setRanInsecureContentStyle: function(securityState) |
56 { | 57 { |
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
173 // TODO(lgarron): Store a (deduplicated) list of different security
details we have seen. https://crbug.com/503170 | 174 // TODO(lgarron): Store a (deduplicated) list of different security
details we have seen. https://crbug.com/503170 |
174 var originState = {}; | 175 var originState = {}; |
175 originState.securityState = securityState; | 176 originState.securityState = securityState; |
176 | 177 |
177 var securityDetails = request.securityDetails(); | 178 var securityDetails = request.securityDetails(); |
178 if (securityDetails) { | 179 if (securityDetails) { |
179 originState.securityDetails = securityDetails; | 180 originState.securityDetails = securityDetails; |
180 originState.certificateDetailsPromise = request.target().network
Manager.certificateDetailsPromise(securityDetails.certificateId); | 181 originState.certificateDetailsPromise = request.target().network
Manager.certificateDetailsPromise(securityDetails.certificateId); |
181 } | 182 } |
182 | 183 |
| 184 if (Runtime.experiments.isEnabled("cspDetailsInSecurityPanel")) { |
| 185 var cspHeader = request.responseHeaders.filter(header => header.
name.toLowerCase().includes("content-security-policy"))[0]; |
| 186 if (cspHeader) { |
| 187 originState.cspDetails = |
| 188 WebInspector.CSPParser.buildFromString( |
| 189 cspHeader.value, |
| 190 cspHeader.name.toLowerCase().includes("report-only") |
| 191 ); |
| 192 } |
| 193 } |
| 194 |
183 this._origins.set(origin, originState); | 195 this._origins.set(origin, originState); |
184 | 196 |
185 this._sidebarTree.addOrigin(origin, securityState); | 197 this._sidebarTree.addOrigin(origin, securityState); |
186 | 198 |
187 // Don't construct the origin view yet (let it happen lazily). | 199 // Don't construct the origin view yet (let it happen lazily). |
188 } | 200 } |
189 }, | 201 }, |
190 | 202 |
191 /** | 203 /** |
192 * @param {!WebInspector.Event} event | 204 * @param {!WebInspector.Event} event |
(...skipping 621 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
814 noteSection.createChild("div").textContent = WebInspector.UIString("The
security details above are from the first inspected response."); | 826 noteSection.createChild("div").textContent = WebInspector.UIString("The
security details above are from the first inspected response."); |
815 } else if (originState.securityState !== SecurityAgent.SecurityState.Unknown
) { | 827 } else if (originState.securityState !== SecurityAgent.SecurityState.Unknown
) { |
816 var notSecureSection = this.element.createChild("div", "origin-view-sect
ion"); | 828 var notSecureSection = this.element.createChild("div", "origin-view-sect
ion"); |
817 notSecureSection.createChild("div", "origin-view-section-title").textCon
tent = WebInspector.UIString("Not Secure"); | 829 notSecureSection.createChild("div", "origin-view-section-title").textCon
tent = WebInspector.UIString("Not Secure"); |
818 notSecureSection.createChild("div").textContent = WebInspector.UIString(
"Your connection to this origin is not secure."); | 830 notSecureSection.createChild("div").textContent = WebInspector.UIString(
"Your connection to this origin is not secure."); |
819 } else { | 831 } else { |
820 var noInfoSection = this.element.createChild("div", "origin-view-section
"); | 832 var noInfoSection = this.element.createChild("div", "origin-view-section
"); |
821 noInfoSection.createChild("div", "origin-view-section-title").textConten
t = WebInspector.UIString("No Security Information"); | 833 noInfoSection.createChild("div", "origin-view-section-title").textConten
t = WebInspector.UIString("No Security Information"); |
822 noInfoSection.createChild("div").textContent = WebInspector.UIString("No
security details are available for this origin."); | 834 noInfoSection.createChild("div").textContent = WebInspector.UIString("No
security details are available for this origin."); |
823 } | 835 } |
| 836 |
| 837 if (Runtime.experiments.isEnabled("cspDetailsInSecurityPanel") && originStat
e.cspDetails) { |
| 838 let contentSecurityPolicySection = this.element.createChild("div", "orig
in-view-section"); |
| 839 contentSecurityPolicySection.createChild("div", "origin-view-section-tit
le").textContent = WebInspector.UIString("Content Security Policy"); |
| 840 let toggleButton = createElement("button"); |
| 841 toggleButton.textContent = "Collapse All Policies"; |
| 842 toggleButton.dataset.showing = true; |
| 843 toggleButton.className = "collapse-policies"; |
| 844 contentSecurityPolicySection.appendChild(toggleButton); |
| 845 |
| 846 let reportUri = createElement("p"); |
| 847 reportUri.innerHTML = `<b>Report URI</b> <span>${originState.cspDetails.
reportUri ? originState.cspDetails.reportUri : "Not Set"}</span>`; |
| 848 contentSecurityPolicySection.appendChild(reportUri); |
| 849 |
| 850 toggleButton.addEventListener("click", () => { |
| 851 let headings = contentSecurityPolicySection.querySelectorAll(".csp-r
ule-heading"); |
| 852 if (toggleButton.dataset.showing === "true") { |
| 853 Array.prototype.forEach.call(headings, item => { |
| 854 item.closeSection(); |
| 855 }); |
| 856 toggleButton.textContent = "Show All Policies"; |
| 857 toggleButton.dataset.showing = false; |
| 858 } else { |
| 859 Array.prototype.forEach.call(headings, item => { |
| 860 item.showSection(); |
| 861 }); |
| 862 toggleButton.textContent = "Collapse Policies"; |
| 863 toggleButton.dataset.showing = true; |
| 864 } |
| 865 }); |
| 866 |
| 867 /** |
| 868 * Create the sections for the CSP display. |
| 869 * |
| 870 * @param {!WebInspector.CSPParser.Policy} policy The CSP Policy to crea
te a section for. |
| 871 */ |
| 872 function createPolicySection(policy) { |
| 873 |
| 874 // Since for some reason a blank policy may get made sometimes. |
| 875 if (!policy.name) { |
| 876 return; |
| 877 } |
| 878 |
| 879 /** |
| 880 * Create table row for a CSP Rule |
| 881 * @param {!WebInspector.CSPParser.Rule} rule The rule to create a t
able entry for. |
| 882 * @return {string} |
| 883 */ |
| 884 function createRuleRow(rule) { |
| 885 return ` |
| 886 <tr class="csp-rule csp-security-state-${rule.securitySt
ate}"> |
| 887 <th><span class="lock-icon lock-icon-${rule.security
State}"></span><p>${rule.value}</p></th> |
| 888 <td> |
| 889 <p><b>Security Level</b> <span>${rule.humanReada
bleSecurityState}</span></p> |
| 890 ${rule.reason ? `<p><b>Reason</b> <span>${rule.r
eason}</span></p>` : ""} |
| 891 <p><b>Report Only</b> <span>${rule.reportOnly ?
"Yes" : "No"}</span></p> |
| 892 </td> |
| 893 </tr>`; |
| 894 } |
| 895 let heading = createElement("h4"); |
| 896 heading.dataset.rule = policy.name; |
| 897 heading.className = `csp-rule csp-rule-heading csp-security-state-${
policy.securityState}`; |
| 898 heading.textContent = policy.name; |
| 899 heading.innerHTML += `<span class="icon"></span>`; |
| 900 contentSecurityPolicySection.appendChild(heading); |
| 901 |
| 902 let policyStateArea = createElement("p"); |
| 903 policyStateArea.innerHTML = `<b>Policy state</b> ${policy.humanReada
bleSecurityState}`; |
| 904 if (policy.securityStateReason) { |
| 905 policyStateArea.innerHTML += `<br><b>Reason</b> ${policy.securit
yStateReason}`; |
| 906 } |
| 907 contentSecurityPolicySection.appendChild(policyStateArea); |
| 908 |
| 909 let table = createElementWithClass("table", `csp-directive csp-rule-
list-${policy.name}`); |
| 910 table.innerHTML += ` |
| 911 <tbody> |
| 912 ${policy.rules.sort((a, b) => a.value.localeCompare(b.va
lue)).map(createRuleRow).join('')} |
| 913 </tbody> |
| 914 </table>`; |
| 915 contentSecurityPolicySection.appendChild(table); |
| 916 |
| 917 /** |
| 918 * @this {Element} |
| 919 */ |
| 920 heading.toggleSection = function() { |
| 921 contentSecurityPolicySection |
| 922 .querySelector(`.csp-rule-list-${policy.name}`) |
| 923 .classList |
| 924 .toggle("csp-directive_hidden"); |
| 925 this.classList.toggle("directive-is-hidden"); |
| 926 }; |
| 927 /** |
| 928 * @this {Element} |
| 929 */ |
| 930 heading.closeSection = function() { |
| 931 contentSecurityPolicySection |
| 932 .querySelector(`.csp-rule-list-${policy.name}`) |
| 933 .classList |
| 934 .add("csp-directive_hidden"); |
| 935 this.classList.add("directive-is-hidden"); |
| 936 }; |
| 937 /** |
| 938 * @this {Element} |
| 939 */ |
| 940 heading.showSection = function () { |
| 941 contentSecurityPolicySection |
| 942 .querySelector(`.csp-rule-list-${policy.name}`) |
| 943 .classList |
| 944 .remove("csp-directive_hidden"); |
| 945 this.classList.remove("directive-is-hidden"); |
| 946 }; |
| 947 heading.addEventListener("click", event => { |
| 948 if (event.target.toggleSection) |
| 949 event.target.toggleSection(); |
| 950 }); |
| 951 } |
| 952 |
| 953 originState.cspDetails.policies.forEach(createPolicySection); |
| 954 } |
824 } | 955 } |
825 | 956 |
826 WebInspector.SecurityOriginView.prototype = { | 957 WebInspector.SecurityOriginView.prototype = { |
827 | 958 |
828 /** | 959 /** |
829 * @param {!NetworkAgent.CertificateSubject} certificateSubject | 960 * @param {!NetworkAgent.CertificateSubject} certificateSubject |
830 * *return {!Element} | 961 * *return {!Element} |
831 */ | 962 */ |
832 _createSanDiv: function(certificateSubject) | 963 _createSanDiv: function(certificateSubject) |
833 { | 964 { |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
931 row.createChild("div").textContent = key; | 1062 row.createChild("div").textContent = key; |
932 | 1063 |
933 var valueDiv = row.createChild("div"); | 1064 var valueDiv = row.createChild("div"); |
934 if (typeof value === "string") { | 1065 if (typeof value === "string") { |
935 valueDiv.textContent = value; | 1066 valueDiv.textContent = value; |
936 } else { | 1067 } else { |
937 valueDiv.appendChild(value); | 1068 valueDiv.appendChild(value); |
938 } | 1069 } |
939 } | 1070 } |
940 } | 1071 } |
OLD | NEW |