| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/web_contents/web_contents_impl.h" | 5 #include "content/browser/web_contents/web_contents_impl.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <cmath> | 9 #include <cmath> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 3484 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3495 : partition->GetURLRequestContext()); | 3495 : partition->GetURLRequestContext()); |
| 3496 BrowserThread::PostTask( | 3496 BrowserThread::PostTask( |
| 3497 BrowserThread::IO, FROM_HERE, | 3497 BrowserThread::IO, FROM_HERE, |
| 3498 base::Bind(&NotifyCacheOnIO, request_context, url, http_method)); | 3498 base::Bind(&NotifyCacheOnIO, request_context, url, http_method)); |
| 3499 } | 3499 } |
| 3500 } | 3500 } |
| 3501 | 3501 |
| 3502 void WebContentsImpl::OnDidDisplayInsecureContent(RenderFrameHostImpl* source) { | 3502 void WebContentsImpl::OnDidDisplayInsecureContent(RenderFrameHostImpl* source) { |
| 3503 // Any frame can trigger display of insecure content, so we don't check | 3503 // Any frame can trigger display of insecure content, so we don't check |
| 3504 // |source| here. | 3504 // |source| here. |
| 3505 DidDisplayInsecureContent(); |
| 3506 } |
| 3507 |
| 3508 void WebContentsImpl::DidDisplayInsecureContent() { |
| 3509 // Note: this implementation is an equivalent of |
| 3510 // ContentSettingsObserver::allowDisplayingInsecureContent |
| 3505 RecordAction(base::UserMetricsAction("SSL.DisplayedInsecureContent")); | 3511 RecordAction(base::UserMetricsAction("SSL.DisplayedInsecureContent")); |
| 3506 controller_.ssl_manager()->DidDisplayMixedContent(); | 3512 controller_.ssl_manager()->DidDisplayMixedContent(); |
| 3507 } | 3513 } |
| 3508 | 3514 |
| 3509 void WebContentsImpl::OnDidRunInsecureContent(RenderFrameHostImpl* source, | 3515 void WebContentsImpl::OnDidRunInsecureContent(RenderFrameHostImpl* source, |
| 3510 const GURL& security_origin, | 3516 const GURL& security_origin, |
| 3511 const GURL& target_url) { | 3517 const GURL& target_url) { |
| 3512 // TODO(nick, estark): Should we call FilterURL using |source|'s process on | 3518 // TODO(nick, estark): Should we call FilterURL using |source|'s process on |
| 3513 // these parameters? |target_url| seems unused, except for a log message. And | 3519 // these parameters? |target_url| seems unused, except for a log message. And |
| 3514 // |security_origin| might be replaceable with the origin of the main frame. | 3520 // |security_origin| might be replaceable with the origin of the main frame. |
| 3521 DidRunInsecureContent(security_origin, target_url); |
| 3522 } |
| 3523 |
| 3524 void WebContentsImpl::DidRunInsecureContent(const GURL& security_origin, |
| 3525 const GURL& target_url) { |
| 3515 LOG(WARNING) << security_origin << " ran insecure content from " | 3526 LOG(WARNING) << security_origin << " ran insecure content from " |
| 3516 << target_url.possibly_invalid_spec(); | 3527 << target_url.possibly_invalid_spec(); |
| 3517 RecordAction(base::UserMetricsAction("SSL.RanInsecureContent")); | 3528 RecordAction(base::UserMetricsAction("SSL.RanInsecureContent")); |
| 3518 if (base::EndsWith(security_origin.spec(), kDotGoogleDotCom, | 3529 if (base::EndsWith(security_origin.spec(), kDotGoogleDotCom, |
| 3519 base::CompareCase::INSENSITIVE_ASCII)) | 3530 base::CompareCase::INSENSITIVE_ASCII)) |
| 3520 RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle")); | 3531 RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle")); |
| 3521 controller_.ssl_manager()->DidRunMixedContent(security_origin); | 3532 controller_.ssl_manager()->DidRunMixedContent(security_origin); |
| 3522 } | 3533 } |
| 3523 | 3534 |
| 3524 void WebContentsImpl::OnDidDisplayContentWithCertificateErrors( | 3535 void WebContentsImpl::OnDidDisplayContentWithCertificateErrors( |
| (...skipping 1807 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5332 GetMainFrame()->AddMessageToConsole( | 5343 GetMainFrame()->AddMessageToConsole( |
| 5333 content::CONSOLE_MESSAGE_LEVEL_WARNING, | 5344 content::CONSOLE_MESSAGE_LEVEL_WARNING, |
| 5334 base::StringPrintf("This site does not have a valid SSL " | 5345 base::StringPrintf("This site does not have a valid SSL " |
| 5335 "certificate! Without SSL, your site's and " | 5346 "certificate! Without SSL, your site's and " |
| 5336 "visitors' data is vulnerable to theft and " | 5347 "visitors' data is vulnerable to theft and " |
| 5337 "tampering. Get a valid SSL certificate before" | 5348 "tampering. Get a valid SSL certificate before" |
| 5338 " releasing your website to the public.")); | 5349 " releasing your website to the public.")); |
| 5339 } | 5350 } |
| 5340 | 5351 |
| 5341 } // namespace content | 5352 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1905033002:
PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message