| Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| index 21c313b2ce4e3735c1e6a6554233143787c2aa0a..5fdd0d93700db11c51c76fc2f69563668c82ac39 100644
|
| --- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| @@ -61,6 +61,81 @@ KURL mainResourceUrlForFrame(Frame* frame) {
|
| return toLocalFrame(frame)->document()->url();
|
| }
|
|
|
| +const char* requestContextName(WebURLRequest::RequestContext context) {
|
| + switch (context) {
|
| + case WebURLRequest::RequestContextAudio:
|
| + return "audio file";
|
| + case WebURLRequest::RequestContextBeacon:
|
| + return "Beacon endpoint";
|
| + case WebURLRequest::RequestContextCSPReport:
|
| + return "Content Security Policy reporting endpoint";
|
| + case WebURLRequest::RequestContextDownload:
|
| + return "download";
|
| + case WebURLRequest::RequestContextEmbed:
|
| + return "plugin resource";
|
| + case WebURLRequest::RequestContextEventSource:
|
| + return "EventSource endpoint";
|
| + case WebURLRequest::RequestContextFavicon:
|
| + return "favicon";
|
| + case WebURLRequest::RequestContextFetch:
|
| + return "resource";
|
| + case WebURLRequest::RequestContextFont:
|
| + return "font";
|
| + case WebURLRequest::RequestContextForm:
|
| + return "form action";
|
| + case WebURLRequest::RequestContextFrame:
|
| + return "frame";
|
| + case WebURLRequest::RequestContextHyperlink:
|
| + return "resource";
|
| + case WebURLRequest::RequestContextIframe:
|
| + return "frame";
|
| + case WebURLRequest::RequestContextImage:
|
| + return "image";
|
| + case WebURLRequest::RequestContextImageSet:
|
| + return "image";
|
| + case WebURLRequest::RequestContextImport:
|
| + return "HTML Import";
|
| + case WebURLRequest::RequestContextInternal:
|
| + return "resource";
|
| + case WebURLRequest::RequestContextLocation:
|
| + return "resource";
|
| + case WebURLRequest::RequestContextManifest:
|
| + return "manifest";
|
| + case WebURLRequest::RequestContextObject:
|
| + return "plugin resource";
|
| + case WebURLRequest::RequestContextPing:
|
| + return "hyperlink auditing endpoint";
|
| + case WebURLRequest::RequestContextPlugin:
|
| + return "plugin data";
|
| + case WebURLRequest::RequestContextPrefetch:
|
| + return "prefetch resource";
|
| + case WebURLRequest::RequestContextScript:
|
| + return "script";
|
| + case WebURLRequest::RequestContextServiceWorker:
|
| + return "Service Worker script";
|
| + case WebURLRequest::RequestContextSharedWorker:
|
| + return "Shared Worker script";
|
| + case WebURLRequest::RequestContextStyle:
|
| + return "stylesheet";
|
| + case WebURLRequest::RequestContextSubresource:
|
| + return "resource";
|
| + case WebURLRequest::RequestContextTrack:
|
| + return "Text Track";
|
| + case WebURLRequest::RequestContextUnspecified:
|
| + return "resource";
|
| + case WebURLRequest::RequestContextVideo:
|
| + return "video";
|
| + case WebURLRequest::RequestContextWorker:
|
| + return "Worker script";
|
| + case WebURLRequest::RequestContextXMLHttpRequest:
|
| + return "XMLHttpRequest endpoint";
|
| + case WebURLRequest::RequestContextXSLT:
|
| + return "XSLT";
|
| + }
|
| + NOTREACHED();
|
| + return "resource";
|
| +}
|
| +
|
| } // namespace
|
|
|
| static void measureStricterVersionOfIsMixedContent(Frame* frame,
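Review bot: requestContextName is added without any comment, and two of its properties are easy to break in a later edit. The returned text is spliced after "insecure" in the Mixed Content console message built in logToConsoleAboutFetch, so each entry has to read as a noun phrase. The switch also has no `default:` label, which appears intended to let the compiler flag a newly added WebURLRequest::RequestContext value instead of reaching NOTREACHED() at run time. I would add `// Returns a noun phrase inserted into "requested an insecure %s '%s'" console messages.` above the function and `// No default: new RequestContext values should produce a compiler warning.` before NOTREACHED(). The next hunk shows the call previously went to WebMixedContent::requestContextName; if that copy still exists elsewhere (not visible here), the two tables can drift apart.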
|
| @@ -150,8 +225,7 @@ void MixedContentChecker::logToConsoleAboutFetch(
|
| "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an "
|
| "insecure %s '%s'. %s",
|
| mainResourceUrl.elidedString().utf8().data(),
|
| - WebMixedContent::requestContextName(requestContext),
|
| - url.elidedString().utf8().data(),
|
| + requestContextName(requestContext), url.elidedString().utf8().data(),
|
| allowed ? "This content should also be served over HTTPS."
|
| : "This request has been blocked; the content must be served "
|
| "over HTTPS.");
|
| @@ -219,6 +293,13 @@ bool MixedContentChecker::shouldBlockFetch(
|
| ResourceRequest::RedirectStatus redirectStatus,
|
| const KURL& url,
|
| MixedContentChecker::ReportingStatus reportingStatus) {
|
| + // Frame-level loads are checked by the browser. No need to check them again
|
| + // here.
|
| + if (frame->settings()->getBrowserSideNavigationEnabled() &&
|
| + frameType != WebURLRequest::FrameTypeNone) {
|
| + return false;
|
| + }
|
| +
|
| Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType);
|
| Frame* mixedFrame =
|
| inWhichFrameIsContentMixed(effectiveFrame, frameType, url);
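Review bot: The new early `return false` in shouldBlockFetch fails open: when getBrowserSideNavigationEnabled() is set and frameType is not FrameTypeNone, the renderer allows the load before any of the checks below run, so blocking depends entirely on the browser-side check having covered that request. The comment should name the browser-side code that enforces this and say what `false` means here, e.g. `// Enforced in <browser-side checker>; false only means the renderer does not block.` Separately, `frame->settings()` is dereferenced unchecked; if settings() can return null for a frame without a page (not visible in this hunk), use `Settings* settings = frame->settings();` and test `settings && settings->getBrowserSideNavigationEnabled()`. The rest of shouldBlockFetch lies outside the hunk.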
|
| @@ -488,6 +569,26 @@ void MixedContentChecker::handleCertificateError(
|
| }
|
| }
|
|
|
| +// static
|
| +void MixedContentChecker::mixedContentFoundByTheBrowser(
|
| + LocalFrame* frame,
|
| + const KURL& mainResourceUrl,
|
| + const KURL& mixedContentUrl,
|
| + WebURLRequest::RequestContext requestContext,
|
| + bool wasAllowed,
|
| + bool hadRedirect) {
|
| + logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl,
|
| + requestContext, wasAllowed);
|
| + ContentSecurityPolicy* policy =
|
| + frame->securityContext()->contentSecurityPolicy();
|
| + if (policy) {
|
| + policy->reportMixedContent(
|
| + mixedContentUrl, hadRedirect
|
| + ? ResourceRequest::RedirectStatus::FollowedRedirect
|
| + : ResourceRequest::RedirectStatus::NoRedirect);
|
| + }
|
| +}
|
| +
|
| WebMixedContent::ContextType MixedContentChecker::contextTypeForInspector(
|
| LocalFrame* frame,
|
| const ResourceRequest& request) {
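Review bot: mixedContentFoundByTheBrowser null-checks `policy` but dereferences `frame` unconditionally in `frame->securityContext()`, and passes the same pointer to logToConsoleAboutFetch. Whether a caller can pass a null frame cannot be determined from this hunk; if it cannot, state that with `DCHECK(frame);` at the top, otherwise return early on `!frame`. The function also carries only `// static` above it. A comment such as `// Called when the browser reports mixed content it already handled: logs to the console and reports to CSP, makes no blocking decision.` would make clear that enforcement happens elsewhere and that `wasAllowed` only selects the message wording.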
|
|
|