OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
81 { | 81 { |
82 return (frame && frame != frame->tree().top() && frameType != WebURLRequest:
:FrameTypeNested); | 82 return (frame && frame != frame->tree().top() && frameType != WebURLRequest:
:FrameTypeNested); |
83 } | 83 } |
84 | 84 |
85 // static | 85 // static |
86 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K
URL& url) | 86 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K
URL& url) |
87 { | 87 { |
88 if (!SchemeRegistry::shouldTreatURLSchemeAsRestrictingMixedContent(securityO
rigin->protocol())) | 88 if (!SchemeRegistry::shouldTreatURLSchemeAsRestrictingMixedContent(securityO
rigin->protocol())) |
89 return false; | 89 return false; |
90 | 90 |
91 // We're in a secure context, so |url| is mixed content if it's insecure. | 91 // |url| is mixed content if its origin is not potentially trustworthy, and |
92 return !SecurityOrigin::isSecure(url); | 92 // its protocol is not 'data'. |
| 93 bool isAllowed = url.protocolIsData() || SecurityOrigin::create(url)->isPote
ntiallyTrustworthy(); |
| 94 // TODO(mkwst): Remove this once 'localhost' is no longer considered potenti
ally trustworthy: |
| 95 if (isAllowed && url.protocolIs("http") && url.host() == "localhost") |
| 96 isAllowed = false; |
| 97 return !isAllowed; |
93 } | 98 } |
94 | 99 |
95 // static | 100 // static |
96 Frame* MixedContentChecker::inWhichFrameIsContentMixed(Frame* frame, WebURLReque
st::FrameType frameType, const KURL& url) | 101 Frame* MixedContentChecker::inWhichFrameIsContentMixed(Frame* frame, WebURLReque
st::FrameType frameType, const KURL& url) |
97 { | 102 { |
98 // We only care about subresource loads; top-level navigations cannot be mix
ed content. Neither can frameless requests. | 103 // We only care about subresource loads; top-level navigations cannot be mix
ed content. Neither can frameless requests. |
99 if (frameType == WebURLRequest::FrameTypeTopLevel || !frame) | 104 if (frameType == WebURLRequest::FrameTypeTopLevel || !frame) |
100 return nullptr; | 105 return nullptr; |
101 | 106 |
102 // Check the top frame first. | 107 // Check the top frame first. |
(...skipping 282 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
385 // See comment in shouldBlockFetch() about loading the main resource of a su
bframe. | 390 // See comment in shouldBlockFetch() about loading the main resource of a su
bframe. |
386 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry
::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { | 391 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry
::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { |
387 return WebMixedContent::ContextType::OptionallyBlockable; | 392 return WebMixedContent::ContextType::OptionallyBlockable; |
388 } | 393 } |
389 | 394 |
390 bool strictMixedContentCheckingForPlugin = mixedFrame->settings() && mixedFr
ame->settings()->strictMixedContentCheckingForPlugin(); | 395 bool strictMixedContentCheckingForPlugin = mixedFrame->settings() && mixedFr
ame->settings()->strictMixedContentCheckingForPlugin(); |
391 return WebMixedContent::contextTypeFromRequestContext(request.requestContext
(), strictMixedContentCheckingForPlugin); | 396 return WebMixedContent::contextTypeFromRequestContext(request.requestContext
(), strictMixedContentCheckingForPlugin); |
392 } | 397 } |
393 | 398 |
394 } // namespace blink | 399 } // namespace blink |
OLD | NEW |