Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(2795)

Issue 222153002: Disallow connecting an insecure WebSocket from a secure page. (Closed)

Created:
6 years, 4 months ago by tyoshino (SeeGerritForStatus)
Modified:
6 years, 3 months ago
Reviewers:
yhirano
CC:
blink-reviews
Visibility:
Public.

Description

Disallow connecting an insecure WebSocket from a secure page. This is revised version of yhirano@'s patch: https://src.chromium.org/viewvc/blink?revision=165922&view=revision The check is done inside MainThreadWebSocketChannel/NewWebSocketChannelImpl since it's easy to access the LocalFrame instance. A worker test is added to ensure it works even in a worker. BUG=85271 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=172727

Patch Set 1 #

Patch Set 2 : Add layouttests #

Patch Set 3 : Updated expectation #

Patch Set 4 : Update expectation #

Total comments: 2

Patch Set 5 : Rebase, Addressed #2 #

Total comments: 4

Patch Set 6 : Addressed #5 #

Patch Set 7 : Rebease #

Patch Set 8 : Use canConnectInsecureWebSocket() #

Patch Set 9 : Rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+290 lines, -36 lines) Patch
M LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html View 1 2 3 4 1 chunk +19 lines, -14 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-allowed.html View 1 2 3 4 1 chunk +31 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-allowed-expected.txt View 1 2 3 4 1 chunk +7 lines, -0 lines 0 comments Download
M LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-expected.txt View 1 2 3 4 1 chunk +6 lines, -2 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-worker.html View 1 2 3 4 1 chunk +30 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-worker-allowed.html View 1 2 3 4 1 chunk +30 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-worker-allowed-expected.txt View 1 2 3 4 1 chunk +7 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-worker-expected.txt View 1 2 3 4 1 chunk +6 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.html View 1 2 3 4 1 chunk +7 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js View 1 2 3 4 5 1 chunk +29 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction-worker.html View 1 2 3 4 1 chunk +15 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-throw-on-construction.html View 1 2 3 4 1 chunk +7 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-throw-on-construction.js View 1 2 3 4 5 1 chunk +16 lines, -0 lines 0 comments Download
A LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-throw-on-construction-worker.html View 1 2 3 4 1 chunk +15 lines, -0 lines 0 comments Download
M Source/modules/websockets/MainThreadWebSocketChannel.h View 1 chunk +1 line, -1 line 0 comments Download
M Source/modules/websockets/MainThreadWebSocketChannel.cpp View 1 2 3 4 5 6 7 3 chunks +11 lines, -1 line 0 comments Download
M Source/modules/websockets/NewWebSocketChannelImpl.h View 1 chunk +1 line, -1 line 0 comments Download
M Source/modules/websockets/NewWebSocketChannelImpl.cpp View 1 2 3 4 5 6 7 3 chunks +14 lines, -2 lines 0 comments Download
M Source/modules/websockets/WebSocket.cpp View 1 2 3 4 5 6 7 8 2 chunks +7 lines, -6 lines 0 comments Download
M Source/modules/websockets/WebSocketChannel.h View 1 chunk +1 line, -1 line 0 comments Download
M Source/modules/websockets/WorkerThreadableWebSocketChannel.h View 1 2 3 4 5 6 2 chunks +2 lines, -2 lines 0 comments Download
M Source/modules/websockets/WorkerThreadableWebSocketChannel.cpp View 1 2 3 4 7 chunks +25 lines, -6 lines 0 comments Download
M Tools/Scripts/webkitpy/layout_tests/port/base.py View 1 2 3 4 5 6 1 chunk +3 lines, -0 lines 0 comments Download

Messages

Total messages: 14 (0 generated)
tyoshino (SeeGerritForStatus)
6 years, 4 months ago (2014-04-02 13:08:41 UTC) #1
yhirano
lgtm https://codereview.chromium.org/222153002/diff/60001/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html File LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html (right): https://codereview.chromium.org/222153002/diff/60001/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html#newcode9 LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html:9: testRunner.overridePreference("WebKitAllowRunningInsecureContent", false); Can you add a test that ...
6 years, 4 months ago (2014-04-03 04:53:13 UTC) #2
tyoshino (SeeGerritForStatus)
https://codereview.chromium.org/222153002/diff/60001/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html File LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html (right): https://codereview.chromium.org/222153002/diff/60001/LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html#newcode9 LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page.html:9: testRunner.overridePreference("WebKitAllowRunningInsecureContent", false); On 2014/04/03 04:53:14, yhirano wrote: > Can ...
6 years, 4 months ago (2014-04-11 19:27:21 UTC) #3
tyoshino (SeeGerritForStatus)
Hirano-san, since the diff is big, I'd like you to take a look again. Thanks!
6 years, 3 months ago (2014-04-15 01:48:11 UTC) #4
yhirano
lgtm https://codereview.chromium.org/222153002/diff/80001/LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js File LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js (right): https://codereview.chromium.org/222153002/diff/80001/LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js#newcode14 LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js:14: reject("Unexpected error event"); message event https://codereview.chromium.org/222153002/diff/80001/LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-throw-on-construction.js File LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-throw-on-construction.js ...
6 years, 3 months ago (2014-04-15 04:19:39 UTC) #5
tyoshino (SeeGerritForStatus)
Thanks https://codereview.chromium.org/222153002/diff/80001/LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js File LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js (right): https://codereview.chromium.org/222153002/diff/80001/LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js#newcode14 LayoutTests/http/tests/security/mixedContent/websocket/resources/expect-successful-construction.js:14: reject("Unexpected error event"); On 2014/04/15 04:19:39, yhirano wrote: ...
6 years, 3 months ago (2014-04-15 05:14:57 UTC) #6
tyoshino (SeeGerritForStatus)
Updated to use canConnectInsecureWebSocket() introduced by http://src.chromium.org/viewvc/blink?view=revision&revision=172454
6 years, 3 months ago (2014-04-24 06:05:47 UTC) #7
tyoshino (SeeGerritForStatus)
The CQ bit was checked by tyoshino@chromium.org
6 years, 3 months ago (2014-04-28 04:46:48 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tyoshino@chromium.org/222153002/150001
6 years, 3 months ago (2014-04-28 04:47:29 UTC) #9
commit-bot: I haz the power
The CQ bit was unchecked by commit-bot@chromium.org
6 years, 3 months ago (2014-04-28 05:22:10 UTC) #10
commit-bot: I haz the power
Try jobs failed on following builders: tryserver.blink on mac_blink_rel
6 years, 3 months ago (2014-04-28 05:22:10 UTC) #11
tyoshino (SeeGerritForStatus)
The CQ bit was checked by tyoshino@chromium.org
6 years, 3 months ago (2014-04-28 05:30:49 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tyoshino@chromium.org/222153002/150001
6 years, 3 months ago (2014-04-28 05:31:24 UTC) #13
commit-bot: I haz the power
6 years, 3 months ago (2014-04-28 05:59:18 UTC) #14
Message was sent while issue was closed.
Change committed as 172727

Powered by Google App Engine
This is Rietveld 408576698