| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 17 matching lines...) |
| 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 */ | 29 */ |
| 30 | 30 |
| 31 #ifndef MixedContentChecker_h | 31 #ifndef MixedContentChecker_h |
| 32 #define MixedContentChecker_h | 32 #define MixedContentChecker_h |
| 33 | 33 |
| 34 #include "base/gtest_prod_util.h" | 34 #include "base/gtest_prod_util.h" |
| 35 #include "core/CoreExport.h" | 35 #include "core/CoreExport.h" |
| 36 #include "platform/heap/Handle.h" | 36 #include "platform/heap/Handle.h" |
| 37 #include "platform/network/ResourceRequest.h" | 37 #include "platform/network/ResourceRequest.h" |
| 38 #include "public/platform/WebMixedContent.h" | |
| 39 #include "public/platform/WebURLRequest.h" | 38 #include "public/platform/WebURLRequest.h" |
| 40 #include "wtf/text/WTFString.h" | 39 #include "wtf/text/WTFString.h" |
| 41 | 40 |
| 42 namespace blink { | 41 namespace blink { |
| 43 | 42 |
| 43 enum class WebMixedContentContextType; |
| 44 class Frame; | 44 class Frame; |
| 45 class LocalFrame; | 45 class LocalFrame; |
| 46 class KURL; | 46 class KURL; |
| 47 class ResourceResponse; | 47 class ResourceResponse; |
| 48 class SecurityOrigin; | 48 class SecurityOrigin; |
| 49 | 49 |
| 50 // Checks all sub-resource loads for mixed-content. Frame-level loads are |
| 51 // checked at the browser by MixedContentNavigationThrottle. Changes to this |
| 52 // class might need to be reflected on its browser counterpart. |
| 53 // |
| 54 // Current mixed content draft that drives this implementation: |
| 55 // https://w3c.github.io/webappsec-mixed-content/ |
| 50 class CORE_EXPORT MixedContentChecker final { | 56 class CORE_EXPORT MixedContentChecker final { |
| 51 WTF_MAKE_NONCOPYABLE(MixedContentChecker); | 57 WTF_MAKE_NONCOPYABLE(MixedContentChecker); |
| 52 DISALLOW_NEW(); | 58 DISALLOW_NEW(); |
| 53 | 59 |
| 54 public: | 60 public: |
| 55 enum ReportingStatus { SendReport, SuppressReport }; | 61 enum ReportingStatus { SendReport, SuppressReport }; |
| 56 static bool shouldBlockFetch(LocalFrame*, | 62 static bool shouldBlockFetch(LocalFrame*, |
| 57 WebURLRequest::RequestContext, | 63 WebURLRequest::RequestContext, |
| 58 WebURLRequest::FrameType, | 64 WebURLRequest::FrameType, |
| 59 ResourceRequest::RedirectStatus, | 65 ResourceRequest::RedirectStatus, |
| (...skipping 13 matching lines...) |
| 73 ReportingStatus = SendReport); | 79 ReportingStatus = SendReport); |
| 74 | 80 |
| 75 static bool isMixedContent(SecurityOrigin*, const KURL&); | 81 static bool isMixedContent(SecurityOrigin*, const KURL&); |
| 76 static bool isMixedFormAction(LocalFrame*, | 82 static bool isMixedFormAction(LocalFrame*, |
| 77 const KURL&, | 83 const KURL&, |
| 78 ReportingStatus = SendReport); | 84 ReportingStatus = SendReport); |
| 79 | 85 |
| 80 static void checkMixedPrivatePublic(LocalFrame*, | 86 static void checkMixedPrivatePublic(LocalFrame*, |
| 81 const AtomicString& resourceIPAddress); | 87 const AtomicString& resourceIPAddress); |
| 82 | 88 |
| 83 static WebMixedContent::ContextType contextTypeForInspector( | 89 static WebMixedContentContextType contextTypeForInspector( |
| 84 LocalFrame*, | 90 LocalFrame*, |
| 85 const ResourceRequest&); | 91 const ResourceRequest&); |
| 86 | 92 |
| 87 // Returns the frame that should be considered the effective frame | 93 // Returns the frame that should be considered the effective frame |
| 88 // for a mixed content check for the given frame type. | 94 // for a mixed content check for the given frame type. |
| 89 static Frame* effectiveFrameForFrameType(LocalFrame*, | 95 static Frame* effectiveFrameForFrameType(LocalFrame*, |
| 90 WebURLRequest::FrameType); | 96 WebURLRequest::FrameType); |
| 91 | 97 |
| 92 static void handleCertificateError(LocalFrame*, | 98 static void handleCertificateError(LocalFrame*, |
| 93 const ResourceResponse&, | 99 const ResourceResponse&, |
| 94 WebURLRequest::FrameType, | 100 WebURLRequest::FrameType, |
| 95 WebURLRequest::RequestContext); | 101 WebURLRequest::RequestContext); |
| 96 | 102 |
| 103 // Log to the frame console about found mixed content and report it to the CSP |
| 104 // policy. |
| 105 static void mixedContentFoundByTheBrowser(LocalFrame*, |
| 106 const KURL& mainResourceUrl, |
| 107 const KURL& mixedContentUrl, |
| 108 WebURLRequest::RequestContext, |
| 109 bool wasAllowed, |
| 110 bool hadRedirect); |
| 111 |
| 97 private: | 112 private: |
| 98 FRIEND_TEST_ALL_PREFIXES(MixedContentCheckerTest, HandleCertificateError); | 113 FRIEND_TEST_ALL_PREFIXES(MixedContentCheckerTest, HandleCertificateError); |
| 99 | 114 |
| 100 static Frame* inWhichFrameIsContentMixed(Frame*, | 115 static Frame* inWhichFrameIsContentMixed(Frame*, |
| 101 WebURLRequest::FrameType, | 116 WebURLRequest::FrameType, |
| 102 const KURL&); | 117 const KURL&); |
| 103 | 118 |
| 104 static void logToConsoleAboutFetch(LocalFrame*, | 119 static void logToConsoleAboutFetch(LocalFrame*, |
| 105 const KURL&, | 120 const KURL&, |
| 106 const KURL&, | 121 const KURL&, |
| 107 WebURLRequest::RequestContext, | 122 WebURLRequest::RequestContext, |
| 108 bool allowed); | 123 bool allowed); |
| 109 static void logToConsoleAboutWebSocket(LocalFrame*, | 124 static void logToConsoleAboutWebSocket(LocalFrame*, |
| 110 const KURL&, | 125 const KURL&, |
| 111 const KURL&, | 126 const KURL&, |
| 112 bool allowed); | 127 bool allowed); |
| 113 static void count(Frame*, WebURLRequest::RequestContext); | 128 static void count(Frame*, WebURLRequest::RequestContext); |
| 114 }; | 129 }; |
| 115 | 130 |
| 116 } // namespace blink | 131 } // namespace blink |
| 117 | 132 |
| 118 #endif // MixedContentChecker_h | 133 #endif // MixedContentChecker_h |
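Review bot: The new `mixedContentFoundByTheBrowser` declaration ends in two adjacent `bool` parameters, `wasAllowed` and `hadRedirect`, so a call site that swaps them still compiles and would presumably describe a blocked load as allowed (or the reverse) in the console message and the CSP report. `shouldBlockFetch` in the same class already takes `ResourceRequest::RedirectStatus`; writing `ResourceRequest::RedirectStatus,` in place of `bool hadRedirect);` keeps the two entry points consistent and turns a swapped argument into a type error. The comment above the declaration could also say that the method only logs and reports a decision already taken by the browser-side check and blocks nothing itself, e.g. `// Reporting only: the allow/block decision was made by MixedContentNavigationThrottle.` That reading is inferred from the method name and the new class comment, since the definition is not in this header.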