content/browser/web_contents/web_contents_impl.cc - Issue 1905033002: PlzNavigate: Move navigation-level mixed content checks to the browser.

Side by Side Diff: content/browser/web_contents/web_contents_impl.cc

Issue 1905033002: PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message

Patch Set: MixedContent::ContextType comes from the renderer; lessen Blink public code; fixed build. Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/browser/frame_host/mixed_content_navigation_throttle.cc ('K') | « content/browser/web_contents/web_contents_impl.h ('k') | content/child/request_extra_data.h » ('j') | third_party/WebKit/public/platform/WebMixedContent.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/web_contents/web_contents_impl.h"	5 #include "content/browser/web_contents/web_contents_impl.h"

6	6

7 #include <stddef.h>	7 #include <stddef.h>

8	8

9 #include <cmath>	9 #include <cmath>

10 #include <utility>	10 #include <utility>

(...skipping 3519 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3530 : partition->GetURLRequestContext());	3530 : partition->GetURLRequestContext());

3531 BrowserThread::PostTask(	3531 BrowserThread::PostTask(

3532 BrowserThread::IO, FROM_HERE,	3532 BrowserThread::IO, FROM_HERE,

3533 base::Bind(&NotifyCacheOnIO, request_context, url, http_method));	3533 base::Bind(&NotifyCacheOnIO, request_context, url, http_method));

3534 }	3534 }

3535 }	3535 }

3536	3536

3537 void WebContentsImpl::OnDidDisplayInsecureContent(RenderFrameHostImpl* source) {	3537 void WebContentsImpl::OnDidDisplayInsecureContent(RenderFrameHostImpl* source) {

3538 // Any frame can trigger display of insecure content, so we don't check	3538 // Any frame can trigger display of insecure content, so we don't check

3539 // \|source\| here.	3539 // \|source\| here.

	3540 DidDisplayInsecureContent();

	3541 }

	3542

	3543 void WebContentsImpl::DidDisplayInsecureContent() {

	3544 // Note: this implementation is an equivalent of

	3545 // ContentSettingsObserver::allowDisplayingInsecureContent

3540 RecordAction(base::UserMetricsAction("SSL.DisplayedInsecureContent"));	3546 RecordAction(base::UserMetricsAction("SSL.DisplayedInsecureContent"));

3541 controller_.ssl_manager()->DidDisplayMixedContent();	3547 controller_.ssl_manager()->DidDisplayMixedContent();

3542 }	3548 }

3543	3549

3544 void WebContentsImpl::OnDidRunInsecureContent(RenderFrameHostImpl* source,	3550 void WebContentsImpl::OnDidRunInsecureContent(RenderFrameHostImpl* source,

3545 const GURL& security_origin,	3551 const GURL& security_origin,

3546 const GURL& target_url) {	3552 const GURL& target_url) {

3547 // TODO(nick, estark): Should we call FilterURL using \|source\|'s process on	3553 // TODO(nick, estark): Should we call FilterURL using \|source\|'s process on

3548 // these parameters? \|target_url\| seems unused, except for a log message. And	3554 // these parameters? \|target_url\| seems unused, except for a log message. And

3549 // \|security_origin\| might be replaceable with the origin of the main frame.	3555 // \|security_origin\| might be replaceable with the origin of the main frame.

	3556 DidRunInsecureContent(security_origin, target_url);

	3557 }

	3558

	3559 void WebContentsImpl::DidRunInsecureContent(const GURL& security_origin,

	3560 const GURL& target_url) {

3550 LOG(WARNING) << security_origin << " ran insecure content from "	3561 LOG(WARNING) << security_origin << " ran insecure content from "

3551 << target_url.possibly_invalid_spec();	3562 << target_url.possibly_invalid_spec();

3552 RecordAction(base::UserMetricsAction("SSL.RanInsecureContent"));	3563 RecordAction(base::UserMetricsAction("SSL.RanInsecureContent"));

3553 if (base::EndsWith(security_origin.spec(), kDotGoogleDotCom,	3564 if (base::EndsWith(security_origin.spec(), kDotGoogleDotCom,

3554 base::CompareCase::INSENSITIVE_ASCII))	3565 base::CompareCase::INSENSITIVE_ASCII))

3555 RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle"));	3566 RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle"));

3556 controller_.ssl_manager()->DidRunMixedContent(security_origin);	3567 controller_.ssl_manager()->DidRunMixedContent(security_origin);

3557 }	3568 }

3558	3569

3559 void WebContentsImpl::OnDidDisplayContentWithCertificateErrors(	3570 void WebContentsImpl::OnDidDisplayContentWithCertificateErrors(

(...skipping 1858 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
5418 GetMainFrame()->AddMessageToConsole(	5429 GetMainFrame()->AddMessageToConsole(

5419 content::CONSOLE_MESSAGE_LEVEL_WARNING,	5430 content::CONSOLE_MESSAGE_LEVEL_WARNING,

5420 base::StringPrintf("This site does not have a valid SSL "	5431 base::StringPrintf("This site does not have a valid SSL "

5421 "certificate! Without SSL, your site's and "	5432 "certificate! Without SSL, your site's and "

5422 "visitors' data is vulnerable to theft and "	5433 "visitors' data is vulnerable to theft and "

5423 "tampering. Get a valid SSL certificate before"	5434 "tampering. Get a valid SSL certificate before"

5424 " releasing your website to the public."));	5435 " releasing your website to the public."));

5425 }	5436 }

5426	5437

5427 } // namespace content	5438 } // namespace content

OLD	NEW