OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #ifndef MixedContentChecker_h | 31 #ifndef MixedContentChecker_h |
32 #define MixedContentChecker_h | 32 #define MixedContentChecker_h |
33 | 33 |
34 #include "base/gtest_prod_util.h" | 34 #include "base/gtest_prod_util.h" |
35 #include "core/CoreExport.h" | 35 #include "core/CoreExport.h" |
36 #include "platform/heap/Handle.h" | 36 #include "platform/heap/Handle.h" |
37 #include "platform/network/ResourceRequest.h" | 37 #include "platform/network/ResourceRequest.h" |
38 #include "public/platform/WebMixedContent.h" | |
39 #include "public/platform/WebURLRequest.h" | 38 #include "public/platform/WebURLRequest.h" |
40 #include "wtf/text/WTFString.h" | 39 #include "wtf/text/WTFString.h" |
41 | 40 |
42 namespace blink { | 41 namespace blink { |
43 | 42 |
| 43 enum class WebMixedContentContextType; |
44 class Frame; | 44 class Frame; |
45 class LocalFrame; | 45 class LocalFrame; |
46 class KURL; | 46 class KURL; |
47 class ResourceResponse; | 47 class ResourceResponse; |
48 class SecurityOrigin; | 48 class SecurityOrigin; |
49 | 49 |
| 50 // Checks all sub-resource loads for mixed-content. Frame-level loads are |
| 51 // checked at the browser by MixedContentNavigationThrottle. Changes to this |
| 52 // class might need to be reflected on its browser counterpart. |
| 53 // |
| 54 // Current mixed content draft that drives this implementation: |
| 55 // https://w3c.github.io/webappsec-mixed-content/ |
50 class CORE_EXPORT MixedContentChecker final { | 56 class CORE_EXPORT MixedContentChecker final { |
51 WTF_MAKE_NONCOPYABLE(MixedContentChecker); | 57 WTF_MAKE_NONCOPYABLE(MixedContentChecker); |
52 DISALLOW_NEW(); | 58 DISALLOW_NEW(); |
53 | 59 |
54 public: | 60 public: |
55 enum ReportingStatus { SendReport, SuppressReport }; | 61 enum ReportingStatus { SendReport, SuppressReport }; |
56 static bool shouldBlockFetch(LocalFrame*, | 62 static bool shouldBlockFetch(LocalFrame*, |
57 WebURLRequest::RequestContext, | 63 WebURLRequest::RequestContext, |
58 WebURLRequest::FrameType, | 64 WebURLRequest::FrameType, |
59 ResourceRequest::RedirectStatus, | 65 ResourceRequest::RedirectStatus, |
73 ReportingStatus = SendReport); | 79 ReportingStatus = SendReport); |
74 | 80 |
75 static bool isMixedContent(SecurityOrigin*, const KURL&); | 81 static bool isMixedContent(SecurityOrigin*, const KURL&); |
76 static bool isMixedFormAction(LocalFrame*, | 82 static bool isMixedFormAction(LocalFrame*, |
77 const KURL&, | 83 const KURL&, |
78 ReportingStatus = SendReport); | 84 ReportingStatus = SendReport); |
79 | 85 |
80 static void checkMixedPrivatePublic(LocalFrame*, | 86 static void checkMixedPrivatePublic(LocalFrame*, |
81 const AtomicString& resourceIPAddress); | 87 const AtomicString& resourceIPAddress); |
82 | 88 |
83 static WebMixedContent::ContextType contextTypeForInspector( | 89 static WebMixedContentContextType contextTypeForInspector( |
84 LocalFrame*, | 90 LocalFrame*, |
85 const ResourceRequest&); | 91 const ResourceRequest&); |
86 | 92 |
87 // Returns the frame that should be considered the effective frame | 93 // Returns the frame that should be considered the effective frame |
88 // for a mixed content check for the given frame type. | 94 // for a mixed content check for the given frame type. |
89 static Frame* effectiveFrameForFrameType(LocalFrame*, | 95 static Frame* effectiveFrameForFrameType(LocalFrame*, |
90 WebURLRequest::FrameType); | 96 WebURLRequest::FrameType); |
91 | 97 |
92 static void handleCertificateError(LocalFrame*, | 98 static void handleCertificateError(LocalFrame*, |
93 const ResourceResponse&, | 99 const ResourceResponse&, |
94 WebURLRequest::FrameType, | 100 WebURLRequest::FrameType, |
95 WebURLRequest::RequestContext); | 101 WebURLRequest::RequestContext); |
96 | 102 |
| 103 // Log to the frame console about found mixed content and report it to the CSP |
| 104 // policy. |
| 105 static void mixedContentFoundByTheBrowser(LocalFrame*, |
| 106 const KURL& mainResourceUrl, |
| 107 const KURL& mixedContentUrl, |
| 108 WebURLRequest::RequestContext, |
| 109 bool wasAllowed, |
| 110 bool hadRedirect); |
| 111 |
97 private: | 112 private: |
98 FRIEND_TEST_ALL_PREFIXES(MixedContentCheckerTest, HandleCertificateError); | 113 FRIEND_TEST_ALL_PREFIXES(MixedContentCheckerTest, HandleCertificateError); |
99 | 114 |
100 static Frame* inWhichFrameIsContentMixed(Frame*, | 115 static Frame* inWhichFrameIsContentMixed(Frame*, |
101 WebURLRequest::FrameType, | 116 WebURLRequest::FrameType, |
102 const KURL&); | 117 const KURL&); |
103 | 118 |
104 static void logToConsoleAboutFetch(LocalFrame*, | 119 static void logToConsoleAboutFetch(LocalFrame*, |
105 const KURL&, | 120 const KURL&, |
106 const KURL&, | 121 const KURL&, |
107 WebURLRequest::RequestContext, | 122 WebURLRequest::RequestContext, |
108 bool allowed); | 123 bool allowed); |
109 static void logToConsoleAboutWebSocket(LocalFrame*, | 124 static void logToConsoleAboutWebSocket(LocalFrame*, |
110 const KURL&, | 125 const KURL&, |
111 const KURL&, | 126 const KURL&, |
112 bool allowed); | 127 bool allowed); |
113 static void count(Frame*, WebURLRequest::RequestContext); | 128 static void count(Frame*, WebURLRequest::RequestContext); |
114 }; | 129 }; |
115 | 130 |
116 } // namespace blink | 131 } // namespace blink |
117 | 132 |
118 #endif // MixedContentChecker_h | 133 #endif // MixedContentChecker_h |
OLD | NEW |
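Review bot: The comment on `mixedContentFoundByTheBrowser` (new lines 103-110) does not say that this entry point only reports and never blocks, nor what `hadRedirect` changes, and both matter now that the check is split between the browser and the renderer. The new class comment says frame-level loads are checked by MixedContentNavigationThrottle, so I would state the contract at the declaration, e.g. `// Reporting only: the allow/block decision was already taken in the browser; |wasAllowed| selects the console message.` and `// |hadRedirect|: presumably passed on to CSP reporting so the post-redirect URL is not disclosed; confirm in the .cpp.` The adjacent `const KURL&` pair and the adjacent `bool` pair are easy to transpose at a call site without a compile error, so the comment should also name which URL belongs to the embedding document and which to the insecure resource. Separately, the opaque declaration `enum class WebMixedContentContextType;` on new line 43 assumes the definition uses the default underlying type, which is worth checking against public/platform. The implementation is not visible on this page, so the behaviour described here is inferred from the declaration alone.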