Chromium Code Reviews Chromium Code Reviews
Issue 181253003:
Downgrade page security if an inline has invalid certificate.
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/web_contents/web_contents_impl.h" | 5 #include "content/browser/web_contents/web_contents_impl.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/debug/trace_event.h" | 10 #include "base/debug/trace_event.h" |
| (...skipping 1863 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1874 if (browser_plugin_embedder_.get()) | 1874 if (browser_plugin_embedder_.get()) |
| 1875 browser_plugin_embedder_->DragSourceMovedTo(client_x, client_y, | 1875 browser_plugin_embedder_->DragSourceMovedTo(client_x, client_y, |
| 1876 screen_x, screen_y); | 1876 screen_x, screen_y); |
| 1877 if (GetRenderViewHost()) | 1877 if (GetRenderViewHost()) |
| 1878 GetRenderViewHostImpl()->DragSourceMovedTo(client_x, client_y, | 1878 GetRenderViewHostImpl()->DragSourceMovedTo(client_x, client_y, |
| 1879 screen_x, screen_y); | 1879 screen_x, screen_y); |
| 1880 } | 1880 } |
| 1881 | 1881 |
| 1882 void WebContentsImpl::DidGetResourceResponseStart( | 1882 void WebContentsImpl::DidGetResourceResponseStart( |
| 1883 const ResourceRequestDetails& details) { | 1883 const ResourceRequestDetails& details) { |
| 1884 | |
| 1885 // If inline resource has invalid certificate, set the insecure content flag. | |
| 1886 // See https://codereview.chromium.org/181253003/ | |
|
Charlie Reis
2014/04/10 16:57:19
No need for this line-- the rest of the summary is
| |
| 1887 // For all the intended notifications to be sent, we need to call | |
| 1888 // SSLManager::NotifySSLInternalStateChanged() after setting the flag. | |
| 1889 // In "standard" insecure content scenario (i.e. http resource in https | |
| 1890 // context) the flag is set and SSLManager gets notified in | |
| 1891 // OnDidDisplayInsecureContent() (Webkit notification handler). | |
| 1892 // When, however, the certificate for the inline is invalid, Webkit will not | |
| 1893 // tell us about it and we need to set the flag & notify SSLManager manually. | |
| 1894 // Note: the call to SSLManager::NotifySSLInternalStateChanged() will be done | |
| 1895 // from SSLManager::DidStartResourceResponse(). | |
|
Charlie Reis
2014/04/10 16:57:19
This comment is great.
| |
| 1896 // See SSLPolicyBackend::HostRanInsecureContent() | |
|
Charlie Reis
2014/04/10 16:57:19
No need for this line, since it's easy for it to g
| |
| 1897 if (net::IsCertStatusError(details.ssl_cert_status)) | |
| 1898 displayed_insecure_content_ = true; | |
| 1899 | |
| 1884 controller_.ssl_manager()->DidStartResourceResponse(details); | 1900 controller_.ssl_manager()->DidStartResourceResponse(details); |
| 1885 | 1901 |
| 1886 FOR_EACH_OBSERVER(WebContentsObserver, observers_, | 1902 FOR_EACH_OBSERVER(WebContentsObserver, observers_, |
| 1887 DidGetResourceResponseStart(details)); | 1903 DidGetResourceResponseStart(details)); |
| 1888 | 1904 |
| 1889 // TODO(avi): Remove. http://crbug.com/170921 | 1905 // TODO(avi): Remove. http://crbug.com/170921 |
| 1890 NotificationService::current()->Notify( | 1906 NotificationService::current()->Notify( |
| 1891 NOTIFICATION_RESOURCE_RESPONSE_STARTED, | 1907 NOTIFICATION_RESOURCE_RESPONSE_STARTED, |
| 1892 Source<WebContents>(this), | 1908 Source<WebContents>(this), |
| 1893 Details<const ResourceRequestDetails>(&details)); | 1909 Details<const ResourceRequestDetails>(&details)); |
| (...skipping 371 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2265 int connection_status = 0; | 2281 int connection_status = 0; |
| 2266 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; | 2282 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; |
| 2267 DeserializeSecurityInfo(security_info, &cert_id, &cert_status, | 2283 DeserializeSecurityInfo(security_info, &cert_id, &cert_status, |
| 2268 &security_bits, &connection_status, | 2284 &security_bits, &connection_status, |
| 2269 &signed_certificate_timestamp_ids); | 2285 &signed_certificate_timestamp_ids); |
| 2270 // TODO(alcutter,eranm): Pass signed_certificate_timestamp_ids into details | 2286 // TODO(alcutter,eranm): Pass signed_certificate_timestamp_ids into details |
| 2271 LoadFromMemoryCacheDetails details( | 2287 LoadFromMemoryCacheDetails details( |
| 2272 url, GetRenderProcessHost()->GetID(), cert_id, cert_status, http_method, | 2288 url, GetRenderProcessHost()->GetID(), cert_id, cert_status, http_method, |
| 2273 mime_type, resource_type); | 2289 mime_type, resource_type); |
| 2274 | 2290 |
| 2291 // See WebContentsImpl::DidGetResourceResponseStart for an explanation of why | |
| 2292 // displayed_insecure_content_ is set here. | |
| 2293 // Note: the call to SSLManager::NotifySSLInternalStateChanged() will be done | |
|
Charlie Reis
2014/04/10 16:57:19
No need for these last 3 lines, since they're cove
| |
| 2294 // from SSLManager::DidLoadFromMemoryCache(). | |
| 2295 // See SSLPolicyBackend::HostRanInsecureContent() | |
| 2296 if (net::IsCertStatusError(cert_status)) | |
| 2297 displayed_insecure_content_ = true; | |
| 2298 | |
| 2275 controller_.ssl_manager()->DidLoadFromMemoryCache(details); | 2299 controller_.ssl_manager()->DidLoadFromMemoryCache(details); |
| 2276 | 2300 |
| 2277 FOR_EACH_OBSERVER(WebContentsObserver, observers_, | 2301 FOR_EACH_OBSERVER(WebContentsObserver, observers_, |
| 2278 DidLoadResourceFromMemoryCache(details)); | 2302 DidLoadResourceFromMemoryCache(details)); |
| 2279 | 2303 |
| 2280 if (url.is_valid() && url.SchemeIsHTTPOrHTTPS()) { | 2304 if (url.is_valid() && url.SchemeIsHTTPOrHTTPS()) { |
| 2281 scoped_refptr<net::URLRequestContextGetter> request_context( | 2305 scoped_refptr<net::URLRequestContextGetter> request_context( |
| 2282 resource_type == ResourceType::MEDIA ? | 2306 resource_type == ResourceType::MEDIA ? |
| 2283 GetBrowserContext()->GetMediaRequestContextForRenderProcess( | 2307 GetBrowserContext()->GetMediaRequestContextForRenderProcess( |
| 2284 GetRenderProcessHost()->GetID()) : | 2308 GetRenderProcessHost()->GetID()) : |
| (...skipping 1345 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3630 | 3654 |
| 3631 void WebContentsImpl::OnPreferredSizeChanged(const gfx::Size& old_size) { | 3655 void WebContentsImpl::OnPreferredSizeChanged(const gfx::Size& old_size) { |
| 3632 if (!delegate_) | 3656 if (!delegate_) |
| 3633 return; | 3657 return; |
| 3634 const gfx::Size new_size = GetPreferredSize(); | 3658 const gfx::Size new_size = GetPreferredSize(); |
| 3635 if (new_size != old_size) | 3659 if (new_size != old_size) |
| 3636 delegate_->UpdatePreferredSize(this, new_size); | 3660 delegate_->UpdatePreferredSize(this, new_size); |
| 3637 } | 3661 } |
| 3638 | 3662 |
| 3639 } // namespace content | 3663 } // namespace content |
| OLD | NEW |
