| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/content_settings_observer.h" | 5 #include "chrome/renderer/content_settings_observer.h" |
| 6 | 6 |
| 7 #include "chrome/common/render_messages.h" | 7 #include "chrome/common/render_messages.h" |
| 8 #include "chrome/common/ssl_insecure_content.h" | 8 #include "chrome/common/ssl_insecure_content.h" |
| 9 #include "content/public/common/url_constants.h" | 9 #include "content/public/common/url_constants.h" |
| 10 #include "content/public/renderer/document_state.h" | 10 #include "content/public/renderer/document_state.h" |
| (...skipping 372 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 383 } | 383 } |
| 384 | 384 |
| 385 bool ContentSettingsObserver::allowMutationEvents(bool default_value) { | 385 bool ContentSettingsObserver::allowMutationEvents(bool default_value) { |
| 386 return IsPlatformApp() ? false : default_value; | 386 return IsPlatformApp() ? false : default_value; |
| 387 } | 387 } |
| 388 | 388 |
| 389 bool ContentSettingsObserver::allowRunningInsecureContent( | 389 bool ContentSettingsObserver::allowRunningInsecureContent( |
| 390 bool allowed_per_settings, | 390 bool allowed_per_settings, |
| 391 const blink::WebSecurityOrigin& origin, | 391 const blink::WebSecurityOrigin& origin, |
| 392 const blink::WebURL& resource_url) { | 392 const blink::WebURL& resource_url) { |
| 393 // Note: this implementation is a mirror of |
| 394 // Browser::ShouldAllowRunningInsecureContent. |
| 393 FilteredReportInsecureContentRan(GURL(resource_url)); | 395 FilteredReportInsecureContentRan(GURL(resource_url)); |
| 394 | 396 |
| 395 if (!allow_running_insecure_content_ && !allowed_per_settings) { | 397 if (!allow_running_insecure_content_ && !allowed_per_settings) { |
| 396 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT); | 398 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT); |
| 397 return false; | 399 return false; |
| 398 } | 400 } |
| 399 | 401 |
| 400 return true; | 402 return true; |
| 401 } | 403 } |
| 402 | 404 |
| 403 bool ContentSettingsObserver::allowAutoplay(bool default_value) { | 405 bool ContentSettingsObserver::allowAutoplay(bool default_value) { |
| 404 if (!content_setting_rules_) | 406 if (!content_setting_rules_) |
| 405 return default_value; | 407 return default_value; |
| 406 | 408 |
| 407 WebFrame* frame = render_frame()->GetWebFrame(); | 409 WebFrame* frame = render_frame()->GetWebFrame(); |
| 408 return GetContentSettingFromRules( | 410 return GetContentSettingFromRules( |
| 409 content_setting_rules_->autoplay_rules, frame, | 411 content_setting_rules_->autoplay_rules, frame, |
| 410 url::Origin(frame->document().getSecurityOrigin()).GetURL()) == | 412 url::Origin(frame->document().getSecurityOrigin()).GetURL()) == |
| 411 CONTENT_SETTING_ALLOW; | 413 CONTENT_SETTING_ALLOW; |
| 412 } | 414 } |
| 413 | 415 |
| 414 void ContentSettingsObserver::passiveInsecureContentFound( | 416 void ContentSettingsObserver::passiveInsecureContentFound( |
| 415 const blink::WebURL& resource_url) { | 417 const blink::WebURL& resource_url) { |
| 418 // Note: this implementation is a mirror of |
| 419 // Browser::PassiveInsecureContentFound. |
| 416 ReportInsecureContent(SslInsecureContentType::DISPLAY); | 420 ReportInsecureContent(SslInsecureContentType::DISPLAY); |
| 417 FilteredReportInsecureContentDisplayed(GURL(resource_url)); | 421 FilteredReportInsecureContentDisplayed(GURL(resource_url)); |
| 418 } | 422 } |
| 419 | 423 |
| 420 void ContentSettingsObserver::didNotAllowPlugins() { | 424 void ContentSettingsObserver::didNotAllowPlugins() { |
| 421 DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS); | 425 DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS); |
| 422 } | 426 } |
| 423 | 427 |
| 424 void ContentSettingsObserver::didNotAllowScript() { | 428 void ContentSettingsObserver::didNotAllowScript() { |
| 425 DidBlockContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT); | 429 DidBlockContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT); |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 530 #endif | 534 #endif |
| 531 | 535 |
| 532 // If the scheme is file:, an empty file name indicates a directory listing, | 536 // If the scheme is file:, an empty file name indicates a directory listing, |
| 533 // which requires JavaScript to function properly. | 537 // which requires JavaScript to function properly. |
| 534 if (protocol == url::kFileScheme && | 538 if (protocol == url::kFileScheme && |
| 535 document_url.protocolIs(url::kFileScheme)) { | 539 document_url.protocolIs(url::kFileScheme)) { |
| 536 return GURL(document_url).ExtractFileName().empty(); | 540 return GURL(document_url).ExtractFileName().empty(); |
| 537 } | 541 } |
| 538 return false; | 542 return false; |
| 539 } | 543 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1905033002:
PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message