| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 107 | 107 |
| 108 measureStricterVersionOfIsMixedContent(frame, url); | 108 measureStricterVersionOfIsMixedContent(frame, url); |
| 109 if (isMixedContent(frame->securityContext()->getSecurityOrigin(), url)) | 109 if (isMixedContent(frame->securityContext()->getSecurityOrigin(), url)) |
| 110 return frame; | 110 return frame; |
| 111 | 111 |
| 112 // No mixed content, no problem. | 112 // No mixed content, no problem. |
| 113 return nullptr; | 113 return nullptr; |
| 114 } | 114 } |
| 115 | 115 |
| 116 // static | 116 // static |
| 117 MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(Web
URLRequest::RequestContext context, Frame* frame) | |
| 118 { | |
| 119 switch (context) { | |
| 120 // "Optionally-blockable" mixed content | |
| 121 case WebURLRequest::RequestContextAudio: | |
| 122 case WebURLRequest::RequestContextFavicon: | |
| 123 case WebURLRequest::RequestContextImage: | |
| 124 case WebURLRequest::RequestContextVideo: | |
| 125 return ContextTypeOptionallyBlockable; | |
| 126 | |
| 127 // Plugins! Oh how dearly we love plugin-loaded content! | |
| 128 case WebURLRequest::RequestContextPlugin: { | |
| 129 Settings* settings = frame->settings(); | |
| 130 return settings && settings->strictMixedContentCheckingForPlugin() ? Con
textTypeBlockable : ContextTypeOptionallyBlockable; | |
| 131 } | |
| 132 | |
| 133 // "Blockable" mixed content | |
| 134 case WebURLRequest::RequestContextBeacon: | |
| 135 case WebURLRequest::RequestContextCSPReport: | |
| 136 case WebURLRequest::RequestContextEmbed: | |
| 137 case WebURLRequest::RequestContextEventSource: | |
| 138 case WebURLRequest::RequestContextFetch: | |
| 139 case WebURLRequest::RequestContextFont: | |
| 140 case WebURLRequest::RequestContextForm: | |
| 141 case WebURLRequest::RequestContextFrame: | |
| 142 case WebURLRequest::RequestContextHyperlink: | |
| 143 case WebURLRequest::RequestContextIframe: | |
| 144 case WebURLRequest::RequestContextImageSet: | |
| 145 case WebURLRequest::RequestContextImport: | |
| 146 case WebURLRequest::RequestContextLocation: | |
| 147 case WebURLRequest::RequestContextManifest: | |
| 148 case WebURLRequest::RequestContextObject: | |
| 149 case WebURLRequest::RequestContextPing: | |
| 150 case WebURLRequest::RequestContextScript: | |
| 151 case WebURLRequest::RequestContextServiceWorker: | |
| 152 case WebURLRequest::RequestContextSharedWorker: | |
| 153 case WebURLRequest::RequestContextStyle: | |
| 154 case WebURLRequest::RequestContextSubresource: | |
| 155 case WebURLRequest::RequestContextTrack: | |
| 156 case WebURLRequest::RequestContextWorker: | |
| 157 case WebURLRequest::RequestContextXMLHttpRequest: | |
| 158 case WebURLRequest::RequestContextXSLT: | |
| 159 return ContextTypeBlockable; | |
| 160 | |
| 161 // FIXME: Contexts that we should block, but don't currently. https://crbug.
com/388650 | |
| 162 case WebURLRequest::RequestContextDownload: | |
| 163 case WebURLRequest::RequestContextInternal: | |
| 164 case WebURLRequest::RequestContextPrefetch: | |
| 165 return ContextTypeShouldBeBlockable; | |
| 166 | |
| 167 case WebURLRequest::RequestContextUnspecified: | |
| 168 ASSERT_NOT_REACHED(); | |
| 169 } | |
| 170 ASSERT_NOT_REACHED(); | |
| 171 return ContextTypeBlockable; | |
| 172 } | |
| 173 | |
| 174 // static | |
| 175 const char* MixedContentChecker::typeNameFromContext(WebURLRequest::RequestConte
xt context) | |
| 176 { | |
| 177 switch (context) { | |
| 178 case WebURLRequest::RequestContextAudio: | |
| 179 return "audio file"; | |
| 180 case WebURLRequest::RequestContextBeacon: | |
| 181 return "Beacon endpoint"; | |
| 182 case WebURLRequest::RequestContextCSPReport: | |
| 183 return "Content Security Policy reporting endpoint"; | |
| 184 case WebURLRequest::RequestContextDownload: | |
| 185 return "download"; | |
| 186 case WebURLRequest::RequestContextEmbed: | |
| 187 return "plugin resource"; | |
| 188 case WebURLRequest::RequestContextEventSource: | |
| 189 return "EventSource endpoint"; | |
| 190 case WebURLRequest::RequestContextFavicon: | |
| 191 return "favicon"; | |
| 192 case WebURLRequest::RequestContextFetch: | |
| 193 return "resource"; | |
| 194 case WebURLRequest::RequestContextFont: | |
| 195 return "font"; | |
| 196 case WebURLRequest::RequestContextForm: | |
| 197 return "form action"; | |
| 198 case WebURLRequest::RequestContextFrame: | |
| 199 return "frame"; | |
| 200 case WebURLRequest::RequestContextHyperlink: | |
| 201 return "resource"; | |
| 202 case WebURLRequest::RequestContextIframe: | |
| 203 return "frame"; | |
| 204 case WebURLRequest::RequestContextImage: | |
| 205 return "image"; | |
| 206 case WebURLRequest::RequestContextImageSet: | |
| 207 return "image"; | |
| 208 case WebURLRequest::RequestContextImport: | |
| 209 return "HTML Import"; | |
| 210 case WebURLRequest::RequestContextInternal: | |
| 211 return "resource"; | |
| 212 case WebURLRequest::RequestContextLocation: | |
| 213 return "resource"; | |
| 214 case WebURLRequest::RequestContextManifest: | |
| 215 return "manifest"; | |
| 216 case WebURLRequest::RequestContextObject: | |
| 217 return "plugin resource"; | |
| 218 case WebURLRequest::RequestContextPing: | |
| 219 return "hyperlink auditing endpoint"; | |
| 220 case WebURLRequest::RequestContextPlugin: | |
| 221 return "plugin data"; | |
| 222 case WebURLRequest::RequestContextPrefetch: | |
| 223 return "prefetch resource"; | |
| 224 case WebURLRequest::RequestContextScript: | |
| 225 return "script"; | |
| 226 case WebURLRequest::RequestContextServiceWorker: | |
| 227 return "Service Worker script"; | |
| 228 case WebURLRequest::RequestContextSharedWorker: | |
| 229 return "Shared Worker script"; | |
| 230 case WebURLRequest::RequestContextStyle: | |
| 231 return "stylesheet"; | |
| 232 case WebURLRequest::RequestContextSubresource: | |
| 233 return "resource"; | |
| 234 case WebURLRequest::RequestContextTrack: | |
| 235 return "Text Track"; | |
| 236 case WebURLRequest::RequestContextUnspecified: | |
| 237 return "resource"; | |
| 238 case WebURLRequest::RequestContextVideo: | |
| 239 return "video"; | |
| 240 case WebURLRequest::RequestContextWorker: | |
| 241 return "Worker script"; | |
| 242 case WebURLRequest::RequestContextXMLHttpRequest: | |
| 243 return "XMLHttpRequest endpoint"; | |
| 244 case WebURLRequest::RequestContextXSLT: | |
| 245 return "XSLT"; | |
| 246 } | |
| 247 ASSERT_NOT_REACHED(); | |
| 248 return "resource"; | |
| 249 } | |
| 250 | |
| 251 // static | |
| 252 void MixedContentChecker::logToConsoleAboutFetch(LocalFrame* frame, const KURL&
mainResourceUrl, const KURL& url, WebURLRequest::RequestContext requestContext,
bool allowed) | 117 void MixedContentChecker::logToConsoleAboutFetch(LocalFrame* frame, const KURL&
mainResourceUrl, const KURL& url, WebURLRequest::RequestContext requestContext,
bool allowed) |
| 253 { | 118 { |
| 254 String message = String::format( | 119 String message = String::format( |
| 255 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an
insecure %s '%s'. %s", | 120 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an
insecure %s '%s'. %s", |
| 256 mainResourceUrl.elidedString().utf8().data(), typeNameFromContext(reques
tContext), url.elidedString().utf8().data(), | 121 mainResourceUrl.elidedString().utf8().data(), WebMixedContent::requestCo
ntextName(requestContext), url.elidedString().utf8().data(), |
| 257 allowed ? "This content should also be served over HTTPS." : "This reque
st has been blocked; the content must be served over HTTPS."); | 122 allowed ? "This content should also be served over HTTPS." : "This reque
st has been blocked; the content must be served over HTTPS."); |
| 258 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; | 123 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; |
| 259 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS
ource, messageLevel, message)); | 124 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS
ource, messageLevel, message)); |
| 260 } | 125 } |
| 261 | 126 |
| 262 // static | 127 // static |
| 263 void MixedContentChecker::count(Frame* frame, WebURLRequest::RequestContext requ
estContext) | 128 void MixedContentChecker::count(Frame* frame, WebURLRequest::RequestContext requ
estContext) |
| 264 { | 129 { |
| 265 UseCounter::count(frame, UseCounter::MixedContentPresent); | 130 UseCounter::count(frame, UseCounter::MixedContentPresent); |
| 266 | 131 |
| 267 // Roll blockable content up into a single counter, count unblocked types in
dividually so we | 132 // Roll blockable content up into a single counter, count unblocked types in
dividually so we |
| 268 // can determine when they can be safely moved to the blockable category: | 133 // can determine when they can be safely moved to the blockable category: |
| 269 ContextType contextType = contextTypeFromContext(requestContext, frame); | 134 WebMixedContent::ContextType contextType = WebMixedContent::contextTypeFromR
equestContext(requestContext, frame->settings()->strictMixedContentCheckingForPl
ugin()); |
| 270 if (contextType == ContextTypeBlockable) { | 135 if (contextType == WebMixedContent::ContextType::Blockable) { |
| 271 UseCounter::count(frame, UseCounter::MixedContentBlockable); | 136 UseCounter::count(frame, UseCounter::MixedContentBlockable); |
| 272 return; | 137 return; |
| 273 } | 138 } |
| 274 | 139 |
| 275 UseCounter::Feature feature; | 140 UseCounter::Feature feature; |
| 276 switch (requestContext) { | 141 switch (requestContext) { |
| 277 case WebURLRequest::RequestContextAudio: | 142 case WebURLRequest::RequestContextAudio: |
| 278 feature = UseCounter::MixedContentAudio; | 143 feature = UseCounter::MixedContentAudio; |
| 279 break; | 144 break; |
| 280 case WebURLRequest::RequestContextDownload: | 145 case WebURLRequest::RequestContextDownload: |
| (...skipping 12 matching lines...) Expand all Loading... |
| 293 feature = UseCounter::MixedContentPlugin; | 158 feature = UseCounter::MixedContentPlugin; |
| 294 break; | 159 break; |
| 295 case WebURLRequest::RequestContextPrefetch: | 160 case WebURLRequest::RequestContextPrefetch: |
| 296 feature = UseCounter::MixedContentPrefetch; | 161 feature = UseCounter::MixedContentPrefetch; |
| 297 break; | 162 break; |
| 298 case WebURLRequest::RequestContextVideo: | 163 case WebURLRequest::RequestContextVideo: |
| 299 feature = UseCounter::MixedContentVideo; | 164 feature = UseCounter::MixedContentVideo; |
| 300 break; | 165 break; |
| 301 | 166 |
| 302 default: | 167 default: |
| 303 ASSERT_NOT_REACHED(); | 168 NOTREACHED(); |
| 304 return; | 169 return; |
| 305 } | 170 } |
| 306 UseCounter::count(frame, feature); | 171 UseCounter::count(frame, feature); |
| 307 } | 172 } |
| 308 | 173 |
| 309 // static | 174 // static |
| 310 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req
uestContext requestContext, WebURLRequest::FrameType frameType, ResourceRequest:
:RedirectStatus redirectStatus, const KURL& url, MixedContentChecker::ReportingS
tatus reportingStatus) | 175 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req
uestContext requestContext, WebURLRequest::FrameType frameType, ResourceRequest:
:RedirectStatus redirectStatus, const KURL& url, MixedContentChecker::ReportingS
tatus reportingStatus) |
| 311 { | 176 { |
| 312 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); | 177 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); |
| 313 Frame* mixedFrame = inWhichFrameIsContentMixed(effectiveFrame, frameType, ur
l); | 178 Frame* mixedFrame = inWhichFrameIsContentMixed(effectiveFrame, frameType, ur
l); |
| 314 if (!mixedFrame) | 179 if (!mixedFrame) |
| 315 return false; | 180 return false; |
| 316 | 181 |
| 317 MixedContentChecker::count(mixedFrame, requestContext); | 182 MixedContentChecker::count(mixedFrame, requestContext); |
| 318 if (ContentSecurityPolicy* policy = frame->securityContext()->contentSecurit
yPolicy()) | 183 if (ContentSecurityPolicy* policy = frame->securityContext()->contentSecurit
yPolicy()) |
| 319 policy->reportMixedContent(url, redirectStatus); | 184 policy->reportMixedContent(url, redirectStatus); |
| 320 | 185 |
| 321 Settings* settings = mixedFrame->settings(); | 186 Settings* settings = mixedFrame->settings(); |
| 322 // Use the current local frame's client; the embedder doesn't | 187 // Use the current local frame's client; the embedder doesn't |
| 323 // distinguish mixed content signals from different frames on the | 188 // distinguish mixed content signals from different frames on the |
| 324 // same page. | 189 // same page. |
| 325 FrameLoaderClient* client = frame->loader().client(); | 190 FrameLoaderClient* client = frame->loader().client(); |
| 326 SecurityOrigin* securityOrigin = mixedFrame->securityContext()->getSecurityO
rigin(); | 191 SecurityOrigin* securityOrigin = mixedFrame->securityContext()->getSecurityO
rigin(); |
| 327 bool allowed = false; | 192 bool allowed = false; |
| 328 | 193 |
| 329 // If we're in strict mode, we'll automagically fail everything, and intenti
onally skip | 194 // If we're in strict mode, we'll automagically fail everything, and intenti
onally skip |
| 330 // the client checks in order to prevent degrading the site's security UI. | 195 // the client checks in order to prevent degrading the site's security UI. |
| 331 bool strictMode = mixedFrame->securityContext()->shouldEnforceStrictMixedCon
tentChecking() || settings->strictMixedContentChecking(); | 196 bool strictMode = mixedFrame->securityContext()->shouldEnforceStrictMixedCon
tentChecking() || settings->strictMixedContentChecking(); |
| 332 | 197 |
| 333 ContextType contextType = contextTypeFromContext(requestContext, mixedFrame)
; | 198 WebMixedContent::ContextType contextType = WebMixedContent::contextTypeFromR
equestContext(requestContext, settings->strictMixedContentCheckingForPlugin()); |
| 334 | 199 |
| 335 // If we're loading the main resource of a subframe, we need to take a close
look at the loaded URL. | 200 // If we're loading the main resource of a subframe, we need to take a close
look at the loaded URL. |
| 336 // If we're dealing with a CORS-enabled scheme, then block mixed frames as a
ctive content. Otherwise, | 201 // If we're dealing with a CORS-enabled scheme, then block mixed frames as a
ctive content. Otherwise, |
| 337 // treat frames as passive content. | 202 // treat frames as passive content. |
| 338 // | 203 // |
| 339 // FIXME: Remove this temporary hack once we have a reasonable API for launc
hing external applications | 204 // FIXME: Remove this temporary hack once we have a reasonable API for launc
hing external applications |
| 340 // via URLs. http://crbug.com/318788 and https://crbug.com/393481 | 205 // via URLs. http://crbug.com/318788 and https://crbug.com/393481 |
| 341 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTr
eatURLSchemeAsCORSEnabled(url.protocol())) | 206 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTr
eatURLSchemeAsCORSEnabled(url.protocol())) |
| 342 contextType = ContextTypeOptionallyBlockable; | 207 contextType = WebMixedContent::ContextType::OptionallyBlockable; |
| 343 | 208 |
| 344 switch (contextType) { | 209 switch (contextType) { |
| 345 case ContextTypeOptionallyBlockable: | 210 case WebMixedContent::ContextType::OptionallyBlockable: |
| 346 allowed = !strictMode && client->allowDisplayingInsecureContent(settings
&& settings->allowDisplayOfInsecureContent(), url); | 211 allowed = !strictMode && client->allowDisplayingInsecureContent(settings
&& settings->allowDisplayOfInsecureContent(), url); |
| 347 if (allowed) | 212 if (allowed) |
| 348 client->didDisplayInsecureContent(); | 213 client->didDisplayInsecureContent(); |
| 349 break; | 214 break; |
| 350 | 215 |
| 351 case ContextTypeBlockable: { | 216 case WebMixedContent::ContextType::Blockable: { |
| 352 // Strictly block subresources that are mixed with respect to | 217 // Strictly block subresources that are mixed with respect to |
| 353 // their subframes, unless all insecure content is allowed. This | 218 // their subframes, unless all insecure content is allowed. This |
| 354 // is to avoid the following situation: https://a.com embeds | 219 // is to avoid the following situation: https://a.com embeds |
| 355 // https://b.com, which loads a script over insecure HTTP. The | 220 // https://b.com, which loads a script over insecure HTTP. The |
| 356 // user opts to allow the insecure content, thinking that they are | 221 // user opts to allow the insecure content, thinking that they are |
| 357 // allowing an insecure script to run on https://a.com and not | 222 // allowing an insecure script to run on https://a.com and not |
| 358 // realizing that they are in fact allowing an insecure script on | 223 // realizing that they are in fact allowing an insecure script on |
| 359 // https://b.com. | 224 // https://b.com. |
| 360 if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubre
source(effectiveFrame, frameType) && isMixedContent(frame->securityContext()->ge
tSecurityOrigin(), url)) { | 225 if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubre
source(effectiveFrame, frameType) && isMixedContent(frame->securityContext()->ge
tSecurityOrigin(), url)) { |
| 361 UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSub
frameBlocked); | 226 UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSub
frameBlocked); |
| 362 allowed = false; | 227 allowed = false; |
| 363 break; | 228 break; |
| 364 } | 229 } |
| 365 | 230 |
| 366 bool shouldAskEmbedder = !strictMode && settings && (!settings->strictly
BlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); | 231 bool shouldAskEmbedder = !strictMode && settings && (!settings->strictly
BlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); |
| 367 allowed = shouldAskEmbedder && client->allowRunningInsecureContent(setti
ngs && settings->allowRunningOfInsecureContent(), securityOrigin, url); | 232 allowed = shouldAskEmbedder && client->allowRunningInsecureContent(setti
ngs && settings->allowRunningOfInsecureContent(), securityOrigin, url); |
| 368 if (allowed) { | 233 if (allowed) { |
| 369 client->didRunInsecureContent(securityOrigin, url); | 234 client->didRunInsecureContent(securityOrigin, url); |
| 370 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllow
ed); | 235 UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllow
ed); |
| 371 } | 236 } |
| 372 break; | 237 break; |
| 373 } | 238 } |
| 374 | 239 |
| 375 case ContextTypeShouldBeBlockable: | 240 case WebMixedContent::ContextType::ShouldBeBlockable: |
| 376 allowed = !strictMode; | 241 allowed = !strictMode; |
| 377 if (allowed) | 242 if (allowed) |
| 378 client->didDisplayInsecureContent(); | 243 client->didDisplayInsecureContent(); |
| 379 break; | 244 break; |
| 380 case ContextTypeNotMixedContent: | 245 case WebMixedContent::ContextType::NotMixedContent: |
| 381 ASSERT_NOT_REACHED(); | 246 NOTREACHED(); |
| 382 break; | 247 break; |
| 383 }; | 248 }; |
| 384 | 249 |
| 385 if (reportingStatus == SendReport) | 250 if (reportingStatus == SendReport) |
| 386 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url,
requestContext, allowed); | 251 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url,
requestContext, allowed); |
| 387 return !allowed; | 252 return !allowed; |
| 388 } | 253 } |
| 389 | 254 |
| 390 // static | 255 // static |
| 391 void MixedContentChecker::logToConsoleAboutWebSocket(LocalFrame* frame, const KU
RL& mainResourceUrl, const KURL& url, bool allowed) | 256 void MixedContentChecker::logToConsoleAboutWebSocket(LocalFrame* frame, const KU
RL& mainResourceUrl, const KURL& url, bool allowed) |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 474 } | 339 } |
| 475 | 340 |
| 476 Frame* MixedContentChecker::effectiveFrameForFrameType(LocalFrame* frame, WebURL
Request::FrameType frameType) | 341 Frame* MixedContentChecker::effectiveFrameForFrameType(LocalFrame* frame, WebURL
Request::FrameType frameType) |
| 477 { | 342 { |
| 478 // If we're loading the main resource of a subframe, ensure that we check | 343 // If we're loading the main resource of a subframe, ensure that we check |
| 479 // against the parent of the active frame, rather than the frame itself. | 344 // against the parent of the active frame, rather than the frame itself. |
| 480 if (frameType != WebURLRequest::FrameTypeNested) | 345 if (frameType != WebURLRequest::FrameTypeNested) |
| 481 return frame; | 346 return frame; |
| 482 | 347 |
| 483 Frame* parentFrame = frame->tree().parent(); | 348 Frame* parentFrame = frame->tree().parent(); |
| 484 ASSERT(parentFrame); | 349 DCHECK(parentFrame); |
| 485 return parentFrame; | 350 return parentFrame; |
| 486 } | 351 } |
| 487 | 352 |
| 488 void MixedContentChecker::handleCertificateError(LocalFrame* frame, const Resour
ceResponse& response, WebURLRequest::FrameType frameType, WebURLRequest::Request
Context requestContext) | 353 void MixedContentChecker::handleCertificateError(LocalFrame* frame, const Resour
ceResponse& response, WebURLRequest::FrameType frameType, WebURLRequest::Request
Context requestContext) |
| 489 { | 354 { |
| 490 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); | 355 Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); |
| 491 if (frameType == WebURLRequest::FrameTypeTopLevel || !effectiveFrame) | 356 if (frameType == WebURLRequest::FrameTypeTopLevel || !effectiveFrame) |
| 492 return; | 357 return; |
| 493 | 358 |
| 494 // Use the current local frame's client; the embedder doesn't | 359 // Use the current local frame's client; the embedder doesn't |
| 495 // distinguish mixed content signals from different frames on the | 360 // distinguish mixed content signals from different frames on the |
| 496 // same page. | 361 // same page. |
| 497 FrameLoaderClient* client = frame->loader().client(); | 362 FrameLoaderClient* client = frame->loader().client(); |
| 498 ContextType contextType = MixedContentChecker::contextTypeFromContext(reques
tContext, effectiveFrame); | 363 bool strictMixedContentCheckingForPlugin = effectiveFrame->settings() && eff
ectiveFrame->settings()->strictMixedContentCheckingForPlugin(); |
| 499 if (contextType == ContextTypeBlockable) { | 364 WebMixedContent::ContextType contextType = WebMixedContent::contextTypeFromR
equestContext(requestContext, strictMixedContentCheckingForPlugin); |
| 365 if (contextType == WebMixedContent::ContextType::Blockable) { |
| 500 client->didRunContentWithCertificateErrors(response.url(), response.getS
ecurityInfo()); | 366 client->didRunContentWithCertificateErrors(response.url(), response.getS
ecurityInfo()); |
| 501 } else { | 367 } else { |
| 502 // contextTypeFromContext() never returns NotMixedContent (it | 368 // contextTypeFromRequestContext() never returns NotMixedContent (it |
| 503 // computes the type of mixed content, given that the content is | 369 // computes the type of mixed content, given that the content is |
| 504 // mixed). | 370 // mixed). |
| 505 ASSERT(contextType != ContextTypeNotMixedContent); | 371 DCHECK(contextType != WebMixedContent::ContextType::NotMixedContent); |
| 506 client->didDisplayContentWithCertificateErrors(response.url(), response.
getSecurityInfo()); | 372 client->didDisplayContentWithCertificateErrors(response.url(), response.
getSecurityInfo()); |
| 507 } | 373 } |
| 508 } | 374 } |
| 509 | 375 |
| 510 MixedContentChecker::ContextType MixedContentChecker::contextTypeForInspector(Lo
calFrame* frame, const ResourceRequest& request) | 376 WebMixedContent::ContextType MixedContentChecker::contextTypeForInspector(LocalF
rame* frame, const ResourceRequest& request) |
| 511 { | 377 { |
| 512 Frame* effectiveFrame = effectiveFrameForFrameType(frame, request.frameType(
)); | 378 Frame* effectiveFrame = effectiveFrameForFrameType(frame, request.frameType(
)); |
| 513 | 379 |
| 514 Frame* mixedFrame = inWhichFrameIsContentMixed(effectiveFrame, request.frame
Type(), request.url()); | 380 Frame* mixedFrame = inWhichFrameIsContentMixed(effectiveFrame, request.frame
Type(), request.url()); |
| 515 if (!mixedFrame) | 381 if (!mixedFrame) |
| 516 return ContextTypeNotMixedContent; | 382 return WebMixedContent::ContextType::NotMixedContent; |
| 517 | 383 |
| 518 // See comment in shouldBlockFetch() about loading the main resource of a su
bframe. | 384 // See comment in shouldBlockFetch() about loading the main resource of a su
bframe. |
| 519 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry
::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { | 385 if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry
::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) { |
| 520 return ContextTypeOptionallyBlockable; | 386 return WebMixedContent::ContextType::OptionallyBlockable; |
| 521 } | 387 } |
| 522 | 388 |
| 523 return contextTypeFromContext(request.requestContext(), mixedFrame); | 389 bool strictMixedContentCheckingForPlugin = mixedFrame->settings() && mixedFr
ame->settings()->strictMixedContentCheckingForPlugin(); |
| 390 return WebMixedContent::contextTypeFromRequestContext(request.requestContext
(), strictMixedContentCheckingForPlugin); |
| 524 } | 391 } |
| 525 | 392 |
| 526 } // namespace blink | 393 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2050553003:
Moves Blink mixed content enums and helper methods to public. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master