Prevent mixed content iframes on back/forward.

third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 185 matching lines @@
     // Use the current local frame's client; the embedder doesn't
     // distinguish mixed content signals from different frames on the
     // same page.
     FrameLoaderClient* client = frame->loader().client();
     SecurityOrigin* securityOrigin = mixedFrame->securityContext()->getSecurityOrigin();
     bool allowed = false;
 
     // If we're in strict mode, we'll automagically fail everything, and intentionally skip
     // the client checks in order to prevent degrading the site's security UI.
     bool strictMode = mixedFrame->securityContext()->getInsecureRequestPolicy() & kBlockAllMixedContent || settings->strictMixedContentChecking();
+    DLOG(INFO) << "MCC:shouldBlockFetch for "<< url.getString() << ", strictMode? " << strictMode <<
+        ", requestContext: " << requestContext;

[Charlie Reis, 2016/08/01 23:39:16]

Ignore all these DLOGs-- I'll remove them before we land anything.

 
     WebMixedContent::ContextType contextType = WebMixedContent::contextTypeFromRequestContext(requestContext, settings->strictMixedContentCheckingForPlugin());
 
     // If we're loading the main resource of a subframe, we need to take a close look at the loaded URL.
     // If we're dealing with a CORS-enabled scheme, then block mixed frames as active content. Otherwise,
     // treat frames as passive content.
     //
     // FIXME: Remove this temporary hack once we have a reasonable API for launching external applications
     // via URLs. http://crbug.com/318788 and https://crbug.com/393481
     if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol()))
         contextType = WebMixedContent::ContextType::OptionallyBlockable;
 
     switch (contextType) {
     case WebMixedContent::ContextType::OptionallyBlockable:
         allowed = !strictMode && client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), url);
+        DLOG(INFO) << "MCC: OptionallyBlockable says " << allowed;
         if (allowed)
             client->didDisplayInsecureContent();
         break;
 
     case WebMixedContent::ContextType::Blockable: {
         // Strictly block subresources that are mixed with respect to
         // their subframes, unless all insecure content is allowed. This
         // is to avoid the following situation: https://a.com embeds
         // https://b.com, which loads a script over insecure HTTP. The
         // user opts to allow the insecure content, thinking that they are
         // allowing an insecure script to run on https://a.com and not
         // realizing that they are in fact allowing an insecure script on
         // https://b.com.
+        DLOG(INFO) << "MCC: Blockable...";
         if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubresource(effectiveFrame, frameType) && isMixedContent(frame->securityContext()->getSecurityOrigin(), url)) {
+            DLOG(INFO) << "MCC: Settings says not allowed.";
             UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSubframeBlocked);
             allowed = false;
             break;
         }
 
         bool shouldAskEmbedder = !strictMode && settings && (!settings->strictlyBlockBlockableMixedContent() || settings->allowRunningOfInsecureContent());
         allowed = shouldAskEmbedder && client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), securityOrigin, url);
+        DLOG(INFO) << "MCC: shouldAskEmbedder: " << shouldAskEmbedder << ", allowed: " << allowed;
         if (allowed) {
+            DLOG(INFO) << "MCC: Client says allowed.";
             client->didRunInsecureContent(securityOrigin, url);
             UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllowed);
         }
         break;
     }
 
     case WebMixedContent::ContextType::ShouldBeBlockable:
+        DLOG(INFO) << "MCC: ShouldBeBlockable";
         allowed = !strictMode;
         if (allowed)
             client->didDisplayInsecureContent();
         break;
     case WebMixedContent::ContextType::NotMixedContent:
         NOTREACHED();
         break;
     };
 
+    DLOG(INFO) << "MCC: allowed: " << allowed;
     if (reportingStatus == SendReport)
         logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, requestContext, allowed);
     return !allowed;
 }
 
 // static
 void MixedContentChecker::logToConsoleAboutWebSocket(LocalFrame* frame, const KURL& mainResourceUrl, const KURL& url, bool allowed)
 {
     String message = String::format(
         "Mixed Content: The page at '%s' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint '%s'. %s",
@@ skipping 124 matching lines @@
     // See comment in shouldBlockFetch() about loading the main resource of a subframe.
     if (request.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(request.url().protocol())) {
         return WebMixedContent::ContextType::OptionallyBlockable;
     }
 
     bool strictMixedContentCheckingForPlugin = mixedFrame->settings() && mixedFrame->settings()->strictMixedContentCheckingForPlugin();
     return WebMixedContent::contextTypeFromRequestContext(request.requestContext(), strictMixedContentCheckingForPlugin);
 }
 
 } // namespace blink