OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
(...skipping 92 matching lines...) | |
103 | 103 |
104 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry, | 104 void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry, |
105 WebContentsImpl* web_contents) { | 105 WebContentsImpl* web_contents) { |
106 DCHECK(entry); | 106 DCHECK(entry); |
107 | 107 |
108 InitializeEntryIfNeeded(entry); | 108 InitializeEntryIfNeeded(entry); |
109 | 109 |
110 if (!entry->GetURL().SchemeIsSecure()) | 110 if (!entry->GetURL().SchemeIsSecure()) |
111 return; | 111 return; |
112 | 112 |
113 if (!web_contents->DisplayedInsecureContent()) | |
114 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT; | |
115 | |
113 // An HTTPS response may not have a certificate for some reason. When that | 116 // An HTTPS response may not have a certificate for some reason. When that |
114 // happens, use the unauthenticated (HTTP) rather than the authentication | 117 // happens, use the unauthenticated (HTTP) rather than the authentication |
115 // broken security style so that we can detect this error condition. | 118 // broken security style so that we can detect this error condition. |
116 if (!entry->GetSSL().cert_id) { | 119 if (!entry->GetSSL().cert_id) { |
117 entry->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED; | 120 entry->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED; |
118 return; | 121 return; |
119 } | 122 } |
120 | 123 |
124 if (web_contents->DisplayedInsecureContent()) | |
125 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT; | |
Ryan Sleevi
2014/03/11 01:46:55
I'm not sure I understand why you set this here, r
| |
126 | |
121 if (net::IsCertStatusError(entry->GetSSL().cert_status)) { | 127 if (net::IsCertStatusError(entry->GetSSL().cert_status)) { |
122 // Minor errors don't lower the security style to | 128 // Minor errors don't lower the security style to |
123 // SECURITY_STYLE_AUTHENTICATION_BROKEN. | 129 // SECURITY_STYLE_AUTHENTICATION_BROKEN. |
124 if (!net::IsCertStatusMinorError(entry->GetSSL().cert_status)) { | 130 if (!net::IsCertStatusMinorError(entry->GetSSL().cert_status)) { |
125 entry->GetSSL().security_style = | 131 entry->GetSSL().security_style = |
126 SECURITY_STYLE_AUTHENTICATION_BROKEN; | 132 SECURITY_STYLE_AUTHENTICATION_BROKEN; |
127 } | 133 } |
128 return; | 134 return; |
129 } | 135 } |
130 | 136 |
131 SiteInstance* site_instance = entry->site_instance(); | 137 SiteInstance* site_instance = entry->site_instance(); |
132 // Note that |site_instance| can be NULL here because NavigationEntries don't | 138 // Note that |site_instance| can be NULL here because NavigationEntries don't |
133 // necessarily have site instances. Without a process, the entry can't | 139 // necessarily have site instances. Without a process, the entry can't |
134 // possibly have insecure content. See bug http://crbug.com/12423. | 140 // possibly have insecure content. See bug http://crbug.com/12423. |
135 if (site_instance && | 141 if (site_instance && |
136 backend_->DidHostRunInsecureContent( | 142 backend_->DidHostRunInsecureContent( |
137 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { | 143 entry->GetURL().host(), site_instance->GetProcess()->GetID())) { |
138 entry->GetSSL().security_style = | 144 entry->GetSSL().security_style = |
139 SECURITY_STYLE_AUTHENTICATION_BROKEN; | 145 SECURITY_STYLE_AUTHENTICATION_BROKEN; |
140 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT; | 146 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT; |
141 return; | 147 return; |
142 } | 148 } |
143 | |
144 if (web_contents->DisplayedInsecureContent()) | |
145 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT; | |
146 else | |
147 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT; | |
148 } | 149 } |
149 | 150 |
150 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler, | 151 void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler, |
151 bool allow) { | 152 bool allow) { |
152 if (allow) { | 153 if (allow) { |
153 // Default behavior for accepting a certificate. | 154 // Default behavior for accepting a certificate. |
154 // Note that we should not call SetMaxSecurityStyle here, because the active | 155 // Note that we should not call SetMaxSecurityStyle here, because the active |
155 // NavigationEntry has just been deleted (in HideInterstitialPage) and the | 156 // NavigationEntry has just been deleted (in HideInterstitialPage) and the |
156 // new NavigationEntry will not be set until DidNavigate. This is ok, | 157 // new NavigationEntry will not be set until DidNavigate. This is ok, |
157 // because the new NavigationEntry will have its max security style set | 158 // because the new NavigationEntry will have its max security style set |
(...skipping 61 matching lines...) | |
219 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; | 220 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; |
220 } | 221 } |
221 | 222 |
222 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 223 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
223 GURL parsed_origin(origin); | 224 GURL parsed_origin(origin); |
224 if (parsed_origin.SchemeIsSecure()) | 225 if (parsed_origin.SchemeIsSecure()) |
225 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 226 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
226 } | 227 } |
227 | 228 |
228 } // namespace content | 229 } // namespace content |
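Review bot: On the no-certificate path in `SSLPolicy::UpdateEntry` the new code can clear `DISPLAYED_INSECURE_CONTENT` but never set it: the `&= ~` at new lines 113-114 runs before the `!entry->GetSSL().cert_id` early return (new 119-122), while the `|=` at new 124-125 runs only after it. An HTTPS entry without a certificate whose WebContents did display insecure content therefore leaves the function with whatever value the bit had before the call, which looks unintended given that the change otherwise lets the flag survive the cert-error and ran-insecure early returns. If the asymmetry is deliberate, a comment above the `cert_id` check should say so, for example `// Entries without a certificate never gain DISPLAYED_INSECURE_CONTENT; the bit is only cleared above.`; otherwise keeping the original if/else pair together and placing it above the `cert_id` check lets every secure-scheme path update the bit from a single read of `web_contents->DisplayedInsecureContent()`. A test for a page that has both a certificate error and displayed insecure content would pin the behaviour this change introduces.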
OLD | NEW |