Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
index 51dfb21fc44a42e3c0a98e64b2da0780c1ed4dd3..4d7d6e70f1cae4d5627b8f181eba5183513f16e9 100644 |
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
@@ -143,8 +143,8 @@ static void measureStricterVersionOfIsMixedContent(Frame* frame, |
const KURL& url) { |
// We're currently only checking for mixed content in `https://*` contexts. |
// What about other "secure" contexts the SchemeRegistry knows about? We'll |
- // use this method to measure the occurance of non-webby mixed content to make |
- // sure we're not breaking the world without realizing it. |
+ // use this method to measure the occurrence of non-webby mixed content to |
+ // make sure we're not breaking the world without realizing it. |
SecurityOrigin* origin = frame->securityContext()->getSecurityOrigin(); |
if (MixedContentChecker::isMixedContent(origin, url)) { |
if (origin->protocol() != "https") { |
@@ -294,6 +294,13 @@ bool MixedContentChecker::shouldBlockFetch( |
ResourceRequest::RedirectStatus redirectStatus, |
const KURL& url, |
MixedContentChecker::ReportingStatus reportingStatus) { |
+ // Frame-level loads are checked by the browser if PlzNavigate is enabled. No |
+ // need to check them again here. |
+ if (frame->settings()->getBrowserSideNavigationEnabled() && |
+ frameType != WebURLRequest::FrameTypeNone) { |
+ return false; |
+ } |
+ |
Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); |
Frame* mixedFrame = |
inWhichFrameIsContentMixed(effectiveFrame, frameType, url); |
@@ -563,6 +570,28 @@ void MixedContentChecker::handleCertificateError( |
} |
} |
+// static |
+void MixedContentChecker::mixedContentFound( |
+ LocalFrame* frame, |
+ const KURL& mainResourceUrl, |
+ const KURL& mixedContentUrl, |
+ WebURLRequest::RequestContext requestContext, |
+ bool wasAllowed, |
+ bool hadRedirect) { |
+ // Logs to the frame console. |
+ logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl, |
+ requestContext, wasAllowed); |
+ // Reports to the CSP policy. |
+ ContentSecurityPolicy* policy = |
+ frame->securityContext()->contentSecurityPolicy(); |
+ if (policy) { |
+ policy->reportMixedContent( |
+ mixedContentUrl, hadRedirect |
+ ? ResourceRequest::RedirectStatus::FollowedRedirect |
+ : ResourceRequest::RedirectStatus::NoRedirect); |
+ } |
+} |
+ |
WebMixedContentContextType MixedContentChecker::contextTypeForInspector( |
LocalFrame* frame, |
const ResourceRequest& request) { |