| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/content_settings_observer.h" | 5 #include "chrome/renderer/content_settings_observer.h" |
| 6 | 6 |
| 7 #include "chrome/common/render_messages.h" | 7 #include "chrome/common/render_messages.h" |
| 8 #include "chrome/common/ssl_insecure_content.h" | 8 #include "chrome/common/ssl_insecure_content.h" |
| 9 #include "content/public/common/url_constants.h" | 9 #include "content/public/common/url_constants.h" |
| 10 #include "content/public/renderer/document_state.h" | 10 #include "content/public/renderer/document_state.h" |
| (...skipping 371 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 382 } | 382 } |
| 383 | 383 |
| 384 bool ContentSettingsObserver::allowMutationEvents(bool default_value) { | 384 bool ContentSettingsObserver::allowMutationEvents(bool default_value) { |
| 385 return IsPlatformApp() ? false : default_value; | 385 return IsPlatformApp() ? false : default_value; |
| 386 } | 386 } |
| 387 | 387 |
| 388 bool ContentSettingsObserver::allowRunningInsecureContent( | 388 bool ContentSettingsObserver::allowRunningInsecureContent( |
| 389 bool allowed_per_settings, | 389 bool allowed_per_settings, |
| 390 const blink::WebSecurityOrigin& origin, | 390 const blink::WebSecurityOrigin& origin, |
| 391 const blink::WebURL& resource_url) { | 391 const blink::WebURL& resource_url) { |
| 392 // Note: this implementation is a mirror of |
| 393 // Browser::ShouldAllowRunningInsecureContent. |
| 392 FilteredReportInsecureContentRan(GURL(resource_url)); | 394 FilteredReportInsecureContentRan(GURL(resource_url)); |
| 393 | 395 |
| 394 if (!allow_running_insecure_content_ && !allowed_per_settings) { | 396 if (!allow_running_insecure_content_ && !allowed_per_settings) { |
| 395 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT); | 397 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT); |
| 396 return false; | 398 return false; |
| 397 } | 399 } |
| 398 | 400 |
| 399 return true; | 401 return true; |
| 400 } | 402 } |
| 401 | 403 |
| 402 bool ContentSettingsObserver::allowAutoplay(bool default_value) { | 404 bool ContentSettingsObserver::allowAutoplay(bool default_value) { |
| 403 if (!content_setting_rules_) | 405 if (!content_setting_rules_) |
| 404 return default_value; | 406 return default_value; |
| 405 | 407 |
| 406 WebFrame* frame = render_frame()->GetWebFrame(); | 408 WebFrame* frame = render_frame()->GetWebFrame(); |
| 407 return GetContentSettingFromRules( | 409 return GetContentSettingFromRules( |
| 408 content_setting_rules_->autoplay_rules, frame, | 410 content_setting_rules_->autoplay_rules, frame, |
| 409 url::Origin(frame->document().getSecurityOrigin()).GetURL()) == | 411 url::Origin(frame->document().getSecurityOrigin()).GetURL()) == |
| 410 CONTENT_SETTING_ALLOW; | 412 CONTENT_SETTING_ALLOW; |
| 411 } | 413 } |
| 412 | 414 |
| 413 void ContentSettingsObserver::passiveInsecureContentFound( | 415 void ContentSettingsObserver::passiveInsecureContentFound( |
| 414 const blink::WebURL& resource_url) { | 416 const blink::WebURL& resource_url) { |
| 417 // Note: this implementation is a mirror of |
| 418 // Browser::PassiveInsecureContentFound. |
| 415 ReportInsecureContent(SslInsecureContentType::DISPLAY); | 419 ReportInsecureContent(SslInsecureContentType::DISPLAY); |
| 416 FilteredReportInsecureContentDisplayed(GURL(resource_url)); | 420 FilteredReportInsecureContentDisplayed(GURL(resource_url)); |
| 417 } | 421 } |
| 418 | 422 |
| 419 void ContentSettingsObserver::didNotAllowPlugins() { | 423 void ContentSettingsObserver::didNotAllowPlugins() { |
| 420 DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS); | 424 DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS); |
| 421 } | 425 } |
| 422 | 426 |
| 423 void ContentSettingsObserver::didNotAllowScript() { | 427 void ContentSettingsObserver::didNotAllowScript() { |
| 424 DidBlockContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT); | 428 DidBlockContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT); |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 530 | 534 |
| 531 // If the scheme is file:, an empty file name indicates a directory listing, | 535 // If the scheme is file:, an empty file name indicates a directory listing, |
| 532 // which requires JavaScript to function properly. | 536 // which requires JavaScript to function properly. |
| 533 if (base::EqualsASCII(protocol, url::kFileScheme)) { | 537 if (base::EqualsASCII(protocol, url::kFileScheme)) { |
| 534 return document_url.SchemeIs(url::kFileScheme) && | 538 return document_url.SchemeIs(url::kFileScheme) && |
| 535 document_url.ExtractFileName().empty(); | 539 document_url.ExtractFileName().empty(); |
| 536 } | 540 } |
| 537 | 541 |
| 538 return false; | 542 return false; |
| 539 } | 543 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1905033002:
PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message