Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(466)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

Issue 1905033002: PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message
Patch Set: Moved methods from ContentBrowserClient to WebContentsDelegate; all caps constant names. Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/renderer/render_frame_impl.cc ('K') | « third_party/WebKit/Source/core/loader/MixedContentChecker.h ('k') | third_party/WebKit/Source/core/loader/MixedContentCheckerTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2012 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after
287 } 287 }
288 288
289 // static 289 // static
290 bool MixedContentChecker::shouldBlockFetch( 290 bool MixedContentChecker::shouldBlockFetch(
291 LocalFrame* frame, 291 LocalFrame* frame,
292 WebURLRequest::RequestContext requestContext, 292 WebURLRequest::RequestContext requestContext,
293 WebURLRequest::FrameType frameType, 293 WebURLRequest::FrameType frameType,
294 ResourceRequest::RedirectStatus redirectStatus, 294 ResourceRequest::RedirectStatus redirectStatus,
295 const KURL& url, 295 const KURL& url,
296 MixedContentChecker::ReportingStatus reportingStatus) { 296 MixedContentChecker::ReportingStatus reportingStatus) {
297 // Frame-level loads are checked by the browser if PlzNavigate is enabled. No
298 // need to check them again here.
299 if (frame->settings()->getBrowserSideNavigationEnabled() &&
300 frameType != WebURLRequest::FrameTypeNone) {
301 return false;
302 }
303
297 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); 304 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType);
298 Frame* mixedFrame = 305 Frame* mixedFrame =
299 inWhichFrameIsContentMixed(effectiveFrame, frameType, url); 306 inWhichFrameIsContentMixed(effectiveFrame, frameType, url);
300 if (!mixedFrame) 307 if (!mixedFrame)
301 return false; 308 return false;
302 309
303 MixedContentChecker::count(mixedFrame, requestContext); 310 MixedContentChecker::count(mixedFrame, requestContext);
304 if (ContentSecurityPolicy* policy = 311 if (ContentSecurityPolicy* policy =
305 frame->securityContext()->contentSecurityPolicy()) 312 frame->securityContext()->contentSecurityPolicy())
306 policy->reportMixedContent(url, redirectStatus); 313 policy->reportMixedContent(url, redirectStatus);
(...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after
556 if (contextType == WebMixedContentContextType::Blockable) { 563 if (contextType == WebMixedContentContextType::Blockable) {
557 client->didRunContentWithCertificateErrors(response.url()); 564 client->didRunContentWithCertificateErrors(response.url());
558 } else { 565 } else {
559 // contextTypeFromRequestContext() never returns NotMixedContent (it 566 // contextTypeFromRequestContext() never returns NotMixedContent (it
560 // computes the type of mixed content, given that the content is mixed). 567 // computes the type of mixed content, given that the content is mixed).
561 DCHECK_NE(contextType, WebMixedContentContextType::NotMixedContent); 568 DCHECK_NE(contextType, WebMixedContentContextType::NotMixedContent);
562 client->didDisplayContentWithCertificateErrors(response.url()); 569 client->didDisplayContentWithCertificateErrors(response.url());
563 } 570 }
564 } 571 }
565 572
573 // static
574 void MixedContentChecker::mixedContentFoundByTheBrowser(
575 LocalFrame* frame,
576 const KURL& mainResourceUrl,
577 const KURL& mixedContentUrl,
578 WebURLRequest::RequestContext requestContext,
579 bool wasAllowed,
580 bool hadRedirect) {
581 logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl,
582 requestContext, wasAllowed);
583 ContentSecurityPolicy* policy =
584 frame->securityContext()->contentSecurityPolicy();
585 if (policy) {
586 policy->reportMixedContent(
587 mixedContentUrl, hadRedirect
588 ? ResourceRequest::RedirectStatus::FollowedRedirect
589 : ResourceRequest::RedirectStatus::NoRedirect);
590 }
591 }
592
566 WebMixedContentContextType MixedContentChecker::contextTypeForInspector( 593 WebMixedContentContextType MixedContentChecker::contextTypeForInspector(
567 LocalFrame* frame, 594 LocalFrame* frame,
568 const ResourceRequest& request) { 595 const ResourceRequest& request) {
569 Frame* effectiveFrame = 596 Frame* effectiveFrame =
570 effectiveFrameForFrameType(frame, request.frameType()); 597 effectiveFrameForFrameType(frame, request.frameType());
571 598
572 Frame* mixedFrame = inWhichFrameIsContentMixed( 599 Frame* mixedFrame = inWhichFrameIsContentMixed(
573 effectiveFrame, request.frameType(), request.url()); 600 effectiveFrame, request.frameType(), request.url());
574 if (!mixedFrame) 601 if (!mixedFrame)
575 return WebMixedContentContextType::NotMixedContent; 602 return WebMixedContentContextType::NotMixedContent;
576 603
577 // See comment in shouldBlockFetch() about loading the main resource of a 604 // See comment in shouldBlockFetch() about loading the main resource of a
578 // subframe. 605 // subframe.
579 if (request.frameType() == WebURLRequest::FrameTypeNested && 606 if (request.frameType() == WebURLRequest::FrameTypeNested &&
580 !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled( 607 !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(
581 request.url().protocol())) { 608 request.url().protocol())) {
582 return WebMixedContentContextType::OptionallyBlockable; 609 return WebMixedContentContextType::OptionallyBlockable;
583 } 610 }
584 611
585 bool strictMixedContentCheckingForPlugin = 612 bool strictMixedContentCheckingForPlugin =
586 mixedFrame->settings() && 613 mixedFrame->settings() &&
587 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin(); 614 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin();
588 return WebMixedContent::contextTypeFromRequestContext( 615 return WebMixedContent::contextTypeFromRequestContext(
589 request.requestContext(), strictMixedContentCheckingForPlugin); 616 request.requestContext(), strictMixedContentCheckingForPlugin);
590 } 617 }
591 618
592 } // namespace blink 619 } // namespace blink
OLDNEW
« content/renderer/render_frame_impl.cc ('K') | « third_party/WebKit/Source/core/loader/MixedContentChecker.h ('k') | third_party/WebKit/Source/core/loader/MixedContentCheckerTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698