Disallow connecting an insecure WebSocket from a secure page.

Source/modules/websockets/WebSocket.cpp

 /*
  * Copyright (C) 2011 Google Inc.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 283 matching lines @@
     if (!m_url.isValid()) {
         m_state = CLOSED;
         exceptionState.throwDOMException(SyntaxError, "The URL '" + url + "' is invalid.");
         return;
     }
     if (!m_url.protocolIs("ws") && !m_url.protocolIs("wss")) {
         m_state = CLOSED;
         exceptionState.throwDOMException(SyntaxError, "The URL's scheme must be either 'ws' or 'wss'. '" + m_url.protocol() + "' is not allowed.");
         return;
     }
-    if (MixedContentChecker::isMixedContent(executionContext()->securityOrigin(), m_url)) {
-        // FIXME: Throw an exception and close the connection.
-        String message = "Connecting to a non-secure WebSocket server from a secure origin is deprecated.";
-        executionContext()->addConsoleMessage(JSMessageSource, WarningMessageLevel, message);
-    }
+
     if (m_url.hasFragmentIdentifier()) {
         m_state = CLOSED;
         exceptionState.throwDOMException(SyntaxError, "The URL contains a fragment identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are not allowed in WebSocket URLs.");
         return;
     }
     if (!portAllowed(m_url)) {
         m_state = CLOSED;
         exceptionState.throwSecurityError("The port " + String::number(m_url.port()) + " is not allowed.");
         return;
     }
@@ skipping 28 matching lines @@
             exceptionState.throwDOMException(SyntaxError, "The subprotocol '" + encodeSubprotocolString(protocols[i]) + "' is duplicated.");
             releaseChannel();
             return;
         }
     }
 
     String protocolString;
     if (!protocols.isEmpty())
         protocolString = joinStrings(protocols, subProtocolSeperator());
 
-    m_channel->connect(m_url, protocolString);
+    if (!m_channel->connect(m_url, protocolString)) {
+        m_state = CLOSED;
+        exceptionState.throwSecurityError("An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.");
+        releaseChannel();
+        return;
+    }
 }
 
 void WebSocket::handleSendResult(WebSocketChannel::SendResult result, ExceptionState& exceptionState, WebSocketSendType dataType)
 {
     switch (result) {
     case WebSocketChannel::InvalidMessage:
         exceptionState.throwDOMException(SyntaxError, "The message contains invalid characters.");
         return;
     case WebSocketChannel::SendFail:
         logError("WebSocket send() failed.");
@@ skipping 308 matching lines @@
     static const size_t minimumPayloadSizeWithEightByteExtendedPayloadLength = 0x10000;
     size_t overhead = hybiBaseFramingOverhead + hybiMaskingKeyLength;
     if (payloadSize >= minimumPayloadSizeWithEightByteExtendedPayloadLength)
         overhead += 8;
     else if (payloadSize >= minimumPayloadSizeWithTwoByteExtendedPayloadLength)
         overhead += 2;
     return overhead;
 }
 
 } // namespace WebCore