
Unified Diff: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

Issue 1905033002: PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message
Patch Set: Minor changes from nasko@'s comments Created 3 years, 10 months ago
Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
index 51dfb21fc44a42e3c0a98e64b2da0780c1ed4dd3..4d7d6e70f1cae4d5627b8f181eba5183513f16e9 100644
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
@@ -143,8 +143,8 @@ static void measureStricterVersionOfIsMixedContent(Frame* frame,
const KURL& url) {
// We're currently only checking for mixed content in `https://*` contexts.
// What about other "secure" contexts the SchemeRegistry knows about? We'll
- // use this method to measure the occurance of non-webby mixed content to make
- // sure we're not breaking the world without realizing it.
+ // use this method to measure the occurrence of non-webby mixed content to
+ // make sure we're not breaking the world without realizing it.
SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin();
if (MixedContentChecker::isMixedContent(origin, url)) {
if (origin->protocol() != "https") {
@@ -294,6 +294,13 @@ bool MixedContentChecker::shouldBlockFetch(
ResourceRequest::RedirectStatus redirectStatus,
const KURL& url,
MixedContentChecker::ReportingStatus reportingStatus) {
+ // Frame-level loads are checked by the browser if PlzNavigate is enabled. No
+ // need to check them again here.
+ if (frame->settings()->getBrowserSideNavigationEnabled() &&
+ frameType != WebURLRequest::FrameTypeNone) {
+ return false;
+ }
+
Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType);
Frame* mixedFrame =
inWhichFrameIsContentMixed(effectiveFrame, frameType, url);
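Review bot: The early return added at the top of shouldBlockFetch makes the renderer answer "not blocked" for every frame-level load whenever the flag is on, and it dereferences `frame->settings()` without a null check. If settings() can return null for a detached frame (not visible in this hunk), guard it with `auto* settings = frame->settings();` and test `settings && settings->getBrowserSideNavigationEnabled()`. Because this path also skips the reporting and measurement further down the function, the comment should name the browser-side check that replaces it and say whether redirects are covered there, for example `// Enforced in the browser process, including redirects; the renderer must not be the only check for frame loads.` The body of shouldBlockFetch continues outside the hunk.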
@@ -563,6 +570,28 @@ void MixedContentChecker::handleCertificateError(
}
}
+// static
+void MixedContentChecker::mixedContentFound(
+ LocalFrame* frame,
+ const KURL& mainResourceUrl,
+ const KURL& mixedContentUrl,
+ WebURLRequest::RequestContext requestContext,
+ bool wasAllowed,
+ bool hadRedirect) {
+ // Logs to the frame console.
+ logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl,
+ requestContext, wasAllowed);
+ // Reports to the CSP policy.
+ ContentSecurityPolicy* policy =
+ frame->securityContext()->contentSecurityPolicy();
+ if (policy) {
+ policy->reportMixedContent(
+ mixedContentUrl, hadRedirect
+ ? ResourceRequest::RedirectStatus::FollowedRedirect
+ : ResourceRequest::RedirectStatus::NoRedirect);
+ }
+}
+
WebMixedContentContextType MixedContentChecker::contextTypeForInspector(
LocalFrame* frame,
const ResourceRequest& request) {
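Review bot: mixedContentFound null-checks `policy` but dereferences `frame` unconditionally, both in `logToConsoleAboutFetch` and in `frame->securityContext()`, and nothing in the hunk documents who may call it. If the caller is the handler for a browser-originated notification (inferred from the commit title, not visible here), state that in a header comment and add `DCHECK(frame);` as the first statement so a detached or missing frame fails loudly in debug builds. The comment should also say that `wasAllowed` and `hadRedirect` are reported values that only affect console and CSP reporting here, not enforcement. As a style point, computing the redirect status into a named local before `policy->reportMixedContent(...)` would read more clearly than the ternary split across the argument list.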
