third_party/WebKit/Source/core/loader/MixedContentChecker.cpp - Issue 1905033002: PlzNavigate: Move navigation-level mixed content checks to the browser.

Unified Diff: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

Issue 1905033002: PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message

Patch Set: Minor changes to code and commenst Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« content/browser/frame_host/mixed_content_navigation_throttle.cc ('K') | « third_party/WebKit/Source/core/loader/MixedContentChecker.h ('k') | third_party/WebKit/Source/core/loader/MixedContentCheckerTest.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

index 51dfb21fc44a42e3c0a98e64b2da0780c1ed4dd3..4d7d6e70f1cae4d5627b8f181eba5183513f16e9 100644

--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

@@ -143,8 +143,8 @@ static void measureStricterVersionOfIsMixedContent(Frame* frame,

const KURL& url) {

// We're currently only checking for mixed content in `https://*` contexts.

// What about other "secure" contexts the SchemeRegistry knows about? We'll

- // use this method to measure the occurance of non-webby mixed content to make

- // sure we're not breaking the world without realizing it.

+ // use this method to measure the occurrence of non-webby mixed content to

+ // make sure we're not breaking the world without realizing it.

SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin();

if (MixedContentChecker::isMixedContent(origin, url)) {

if (origin->protocol() != "https") {

@@ -294,6 +294,13 @@ bool MixedContentChecker::shouldBlockFetch(

ResourceRequest::RedirectStatus redirectStatus,

const KURL& url,

MixedContentChecker::ReportingStatus reportingStatus) {

+ // Frame-level loads are checked by the browser if PlzNavigate is enabled. No

+ // need to check them again here.

+ if (frame->settings()->getBrowserSideNavigationEnabled() &&

+ frameType != WebURLRequest::FrameTypeNone) {

+ return false;

+ }

Mike West 2017/02/13 13:17:44 As we've discussed, landing this change will inver

carlosk 2017/02/14 01:42:59 This change will not affect the current navigation

carlosk 2017/02/14 19:32:15 Filed https://crbug.com/692157 to track the HSTS t

Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType);

Frame* mixedFrame =

inWhichFrameIsContentMixed(effectiveFrame, frameType, url);

@@ -563,6 +570,28 @@ void MixedContentChecker::handleCertificateError(

}

+// static

+void MixedContentChecker::mixedContentFound(

+ LocalFrame* frame,

+ const KURL& mainResourceUrl,

+ const KURL& mixedContentUrl,

+ WebURLRequest::RequestContext requestContext,

+ bool wasAllowed,

+ bool hadRedirect) {

+ // Logs to the frame console.

+ logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl,

+ requestContext, wasAllowed);

+ // Reports to the CSP policy.

+ ContentSecurityPolicy* policy =

+ frame->securityContext()->contentSecurityPolicy();

+ if (policy) {

Mike West 2017/02/13 13:17:44 Is it possible for this to be false? Shouldn't eve

carlosk 2017/02/14 01:42:59 This mimics the way these same reports are impleme

+ policy->reportMixedContent(

+ mixedContentUrl, hadRedirect

+ ? ResourceRequest::RedirectStatus::FollowedRedirect

+ : ResourceRequest::RedirectStatus::NoRedirect);

+ }

WebMixedContentContextType MixedContentChecker::contextTypeForInspector(

LocalFrame* frame,

const ResourceRequest& request) {