| Index: chrome/browser/ssl/ssl_browser_tests.cc
|
| diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
|
| index 3d78d5fb63914a30ac0302a47531eba5cd0593a1..949705a3a32175f7033825820a931bbb236743fa 100644
|
| --- a/chrome/browser/ssl/ssl_browser_tests.cc
|
| +++ b/chrome/browser/ssl/ssl_browser_tests.cc
|
| @@ -1185,6 +1185,44 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, MAYBE_TestRunsCachedInsecureContent) {
|
| AuthState::DISPLAYED_INSECURE_CONTENT | AuthState::RAN_INSECURE_CONTENT);
|
| }
|
|
|
| +IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInlineUsingInvalidCertificate) {
|
| + ASSERT_TRUE(https_server_mismatched_.Start());
|
| + ASSERT_TRUE(https_server_.Start());
|
| +
|
| + // Load the image using insecure server.
|
| + GURL url(https_server_mismatched_.GetURL("files/ssl/google_files/logo.gif"));
|
| + ui_test_utils::NavigateToURL(browser(), url);
|
| +
|
| + WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
|
| + CheckAuthenticationBrokenState(tab,
|
| + net::CERT_STATUS_COMMON_NAME_INVALID,
|
| + AuthState::SHOWING_INTERSTITIAL);
|
| + ProceedThroughInterstitial(tab);
|
| + CheckAuthenticationBrokenState(
|
| + tab, net::CERT_STATUS_COMMON_NAME_INVALID, AuthState::NONE);
|
| +
|
| + // Load the webpage using secure server.
|
| + std::string replacement_path;
|
| + ASSERT_TRUE(GetFilePathWithHostAndPortReplacement(
|
| + "files/ssl/page_with_dynamic_insecure_content.html",
|
| + https_server_mismatched_.host_port_pair(),
|
| + &replacement_path));
|
| + ui_test_utils::NavigateToURL(browser(),
|
| + https_server_.GetURL(replacement_path));
|
| + CheckAuthenticatedState(tab, AuthState::NONE);
|
| + EXPECT_FALSE(tab->DisplayedInsecureContent());
|
| +
|
| + // Load the inline image using insecure server.
|
| + bool js_result = false;
|
| + EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
|
| + tab, "loadBadImage('https');", &js_result));
|
| + EXPECT_TRUE(js_result);
|
| +
|
| + // Page security should be downgraded.
|
| + CheckAuthenticatedState(tab, AuthState::DISPLAYED_INSECURE_CONTENT);
|
| + EXPECT_TRUE(tab->DisplayedInsecureContent());
|
| +}
|
| +
|
| // This test ensures the CN invalid status does not 'stick' to a certificate
|
| // (see bug #1044942) and that it depends on the host-name.
|
| // Test if disabled due to flakiness http://crbug.com/368280 .
|
| @@ -1566,7 +1604,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestBadFrameNavigation) {
|
|
|
| // We should still be authentication broken.
|
| CheckAuthenticationBrokenState(
|
| - tab, net::CERT_STATUS_DATE_INVALID, AuthState::NONE);
|
| + tab,
|
| + net::CERT_STATUS_DATE_INVALID,
|
| + AuthState::DISPLAYED_INSECURE_CONTENT);
|
| }
|
|
|
| // From an HTTP top frame, navigate to good and bad HTTPS (security state should
|
| @@ -1677,7 +1717,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorker) {
|
| page_with_unsafe_worker_path));
|
| CheckWorkerLoadResult(tab, true); // Worker loads insecure content
|
| CheckAuthenticationBrokenState(
|
| - tab, CertError::NONE, AuthState::RAN_INSECURE_CONTENT);
|
| + tab,
|
| + CertError::NONE,
|
| + AuthState::RAN_INSECURE_CONTENT | AuthState::DISPLAYED_INSECURE_CONTENT);
|
| }
|
|
|
| // Test that when the browser blocks displaying insecure content (images), the
|
|
|
Chromium Code Reviews
Issue 181253003:
Downgrade page security if an inline has invalid certificate.
Base URL: https://chromium.googlesource.com/chromium/src.git@master