| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/navigation_request.h" | 5 #include "content/browser/frame_host/navigation_request.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 #include "content/public/browser/browser_context.h" | 28 #include "content/public/browser/browser_context.h" |
| 29 #include "content/public/browser/content_browser_client.h" | 29 #include "content/public/browser/content_browser_client.h" |
| 30 #include "content/public/browser/global_request_id.h" | 30 #include "content/public/browser/global_request_id.h" |
| 31 #include "content/public/browser/navigation_controller.h" | 31 #include "content/public/browser/navigation_controller.h" |
| 32 #include "content/public/browser/navigation_data.h" | 32 #include "content/public/browser/navigation_data.h" |
| 33 #include "content/public/browser/navigation_ui_data.h" | 33 #include "content/public/browser/navigation_ui_data.h" |
| 34 #include "content/public/browser/storage_partition.h" | 34 #include "content/public/browser/storage_partition.h" |
| 35 #include "content/public/browser/stream_handle.h" | 35 #include "content/public/browser/stream_handle.h" |
| 36 #include "content/public/common/appcache_info.h" | 36 #include "content/public/common/appcache_info.h" |
| 37 #include "content/public/common/content_client.h" | 37 #include "content/public/common/content_client.h" |
| 38 #include "content/public/common/origin_util.h" |
| 38 #include "content/public/common/request_context_type.h" | 39 #include "content/public/common/request_context_type.h" |
| 39 #include "content/public/common/resource_response.h" | 40 #include "content/public/common/resource_response.h" |
| 40 #include "content/public/common/url_constants.h" | 41 #include "content/public/common/url_constants.h" |
| 41 #include "net/base/load_flags.h" | 42 #include "net/base/load_flags.h" |
| 42 #include "net/base/net_errors.h" | 43 #include "net/base/net_errors.h" |
| 43 #include "net/base/url_util.h" | 44 #include "net/base/url_util.h" |
| 44 #include "net/http/http_request_headers.h" | 45 #include "net/http/http_request_headers.h" |
| 45 #include "net/url_request/redirect_info.h" | 46 #include "net/url_request/redirect_info.h" |
| 46 #include "third_party/WebKit/public/platform/WebMixedContentContextType.h" | 47 #include "third_party/WebKit/public/platform/WebMixedContentContextType.h" |
| 47 #include "third_party/WebKit/public/web/WebSandboxFlags.h" | 48 #include "third_party/WebKit/public/web/WebSandboxFlags.h" |
| (...skipping 26 matching lines...) Expand all Loading... |
| 74 break; | 75 break; |
| 75 case FrameMsg_Navigate_Type::NORMAL: | 76 case FrameMsg_Navigate_Type::NORMAL: |
| 76 if (is_post) | 77 if (is_post) |
| 77 *load_flags |= net::LOAD_VALIDATE_CACHE; | 78 *load_flags |= net::LOAD_VALIDATE_CACHE; |
| 78 break; | 79 break; |
| 79 default: | 80 default: |
| 80 break; | 81 break; |
| 81 } | 82 } |
| 82 } | 83 } |
| 83 | 84 |
| 84 // This is based on SecurityOrigin::isPotentiallyTrustworthy. | |
| 85 // TODO(clamy): This should be function in url::Origin. | |
| 86 bool IsPotentiallyTrustworthyOrigin(const url::Origin& origin) { | |
| 87 if (origin.unique()) | |
| 88 return false; | |
| 89 | |
| 90 if (origin.scheme() == url::kHttpsScheme || | |
| 91 origin.scheme() == url::kAboutScheme || | |
| 92 origin.scheme() == url::kDataScheme || | |
| 93 origin.scheme() == url::kWssScheme || | |
| 94 origin.scheme() == url::kFileScheme) { | |
| 95 return true; | |
| 96 } | |
| 97 | |
| 98 if (net::IsLocalhost(origin.host())) | |
| 99 return true; | |
| 100 | |
| 101 // TODO(clamy): Check for whitelisted origins. | |
| 102 return false; | |
| 103 } | |
| 104 | |
| 105 // TODO(clamy): This should be function in FrameTreeNode. | 85 // TODO(clamy): This should be function in FrameTreeNode. |
| 106 bool IsSecureFrame(FrameTreeNode* frame) { | 86 bool IsSecureFrame(FrameTreeNode* frame) { |
| 107 while (frame) { | 87 while (frame) { |
| 108 if (!IsPotentiallyTrustworthyOrigin(frame->current_origin())) | 88 if (!IsPotentiallyTrustworthyOrigin(frame->current_origin())) |
| 109 return false; | 89 return false; |
| 110 frame = frame->parent(); | 90 frame = frame->parent(); |
| 111 } | 91 } |
| 112 return true; | 92 return true; |
| 113 } | 93 } |
| 114 | 94 |
| (...skipping 616 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 731 DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture); | 711 DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture); |
| 732 | 712 |
| 733 render_frame_host->CommitNavigation(response_.get(), std::move(body_), | 713 render_frame_host->CommitNavigation(response_.get(), std::move(body_), |
| 734 common_params_, request_params_, | 714 common_params_, request_params_, |
| 735 is_view_source_); | 715 is_view_source_); |
| 736 | 716 |
| 737 frame_tree_node_->ResetNavigationRequest(true); | 717 frame_tree_node_->ResetNavigationRequest(true); |
| 738 } | 718 } |
| 739 | 719 |
| 740 } // namespace content | 720 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1905033002:
PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message