| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/web_contents/web_contents_impl.h" | 5 #include "content/browser/web_contents/web_contents_impl.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <cmath> | 9 #include <cmath> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 3520 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3531 : partition->GetURLRequestContext()); | 3531 : partition->GetURLRequestContext()); |
| 3532 BrowserThread::PostTask( | 3532 BrowserThread::PostTask( |
| 3533 BrowserThread::IO, FROM_HERE, | 3533 BrowserThread::IO, FROM_HERE, |
| 3534 base::Bind(&NotifyCacheOnIO, request_context, url, http_method)); | 3534 base::Bind(&NotifyCacheOnIO, request_context, url, http_method)); |
| 3535 } | 3535 } |
| 3536 } | 3536 } |
| 3537 | 3537 |
| 3538 void WebContentsImpl::OnDidDisplayInsecureContent(RenderFrameHostImpl* source) { | 3538 void WebContentsImpl::OnDidDisplayInsecureContent(RenderFrameHostImpl* source) { |
| 3539 // Any frame can trigger display of insecure content, so we don't check | 3539 // Any frame can trigger display of insecure content, so we don't check |
| 3540 // |source| here. | 3540 // |source| here. |
| 3541 DidDisplayInsecureContent(); |
| 3542 } |
| 3543 |
| 3544 void WebContentsImpl::DidDisplayInsecureContent() { |
| 3545 // Note: this implementation is an equivalent of |
| 3546 // ContentSettingsObserver::allowDisplayingInsecureContent |
| 3541 RecordAction(base::UserMetricsAction("SSL.DisplayedInsecureContent")); | 3547 RecordAction(base::UserMetricsAction("SSL.DisplayedInsecureContent")); |
| 3542 controller_.ssl_manager()->DidDisplayMixedContent(); | 3548 controller_.ssl_manager()->DidDisplayMixedContent(); |
| 3543 } | 3549 } |
| 3544 | 3550 |
| 3545 void WebContentsImpl::OnDidRunInsecureContent(RenderFrameHostImpl* source, | 3551 void WebContentsImpl::OnDidRunInsecureContent(RenderFrameHostImpl* source, |
| 3546 const GURL& security_origin, | 3552 const GURL& security_origin, |
| 3547 const GURL& target_url) { | 3553 const GURL& target_url) { |
| 3548 // TODO(nick, estark): Should we call FilterURL using |source|'s process on | 3554 // TODO(nick, estark): Should we call FilterURL using |source|'s process on |
| 3549 // these parameters? |target_url| seems unused, except for a log message. And | 3555 // these parameters? |target_url| seems unused, except for a log message. And |
| 3550 // |security_origin| might be replaceable with the origin of the main frame. | 3556 // |security_origin| might be replaceable with the origin of the main frame. |
| 3557 DidRunInsecureContent(security_origin, target_url); |
| 3558 } |
| 3559 |
| 3560 void WebContentsImpl::DidRunInsecureContent(const GURL& security_origin, |
| 3561 const GURL& target_url) { |
| 3551 LOG(WARNING) << security_origin << " ran insecure content from " | 3562 LOG(WARNING) << security_origin << " ran insecure content from " |
| 3552 << target_url.possibly_invalid_spec(); | 3563 << target_url.possibly_invalid_spec(); |
| 3553 RecordAction(base::UserMetricsAction("SSL.RanInsecureContent")); | 3564 RecordAction(base::UserMetricsAction("SSL.RanInsecureContent")); |
| 3554 if (base::EndsWith(security_origin.spec(), kDotGoogleDotCom, | 3565 if (base::EndsWith(security_origin.spec(), kDotGoogleDotCom, |
| 3555 base::CompareCase::INSENSITIVE_ASCII)) | 3566 base::CompareCase::INSENSITIVE_ASCII)) |
| 3556 RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle")); | 3567 RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle")); |
| 3557 controller_.ssl_manager()->DidRunMixedContent(security_origin); | 3568 controller_.ssl_manager()->DidRunMixedContent(security_origin); |
| 3558 } | 3569 } |
| 3559 | 3570 |
| 3560 void WebContentsImpl::OnDidDisplayContentWithCertificateErrors( | 3571 void WebContentsImpl::OnDidDisplayContentWithCertificateErrors( |
| (...skipping 1858 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5419 GetMainFrame()->AddMessageToConsole( | 5430 GetMainFrame()->AddMessageToConsole( |
| 5420 content::CONSOLE_MESSAGE_LEVEL_WARNING, | 5431 content::CONSOLE_MESSAGE_LEVEL_WARNING, |
| 5421 base::StringPrintf("This site does not have a valid SSL " | 5432 base::StringPrintf("This site does not have a valid SSL " |
| 5422 "certificate! Without SSL, your site's and " | 5433 "certificate! Without SSL, your site's and " |
| 5423 "visitors' data is vulnerable to theft and " | 5434 "visitors' data is vulnerable to theft and " |
| 5424 "tampering. Get a valid SSL certificate before" | 5435 "tampering. Get a valid SSL certificate before" |
| 5425 " releasing your website to the public.")); | 5436 " releasing your website to the public.")); |
| 5426 } | 5437 } |
| 5427 | 5438 |
| 5428 } // namespace content | 5439 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1905033002:
PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message