
Side by Side Diff: content/browser/ssl/ssl_policy.cc

Issue 2226523002: Add separate plumbing for subresources with certificate errors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix typo Created 4 years, 4 months ago
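--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/ssl/ssl_policy.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/memory/singleton.h"
@@ -110,20 +110,34 @@
 return;
 
 SiteInstance* site_instance = entry->site_instance();
 if (!site_instance)
 return;
 
 backend_->HostRanInsecureContent(security_origin.host(),
 site_instance->GetProcess()->GetID());
 }
 
+void SSLPolicy::DidRunContentWithCertificateErrors(
+NavigationEntryImpl* entry,
+const GURL& security_origin) {
+if (!entry)
+return;
+
+SiteInstance* site_instance = entry->site_instance();
+if (!site_instance)
+return;
+
+backend_->HostRanContentWithCertificateErrors(
+security_origin.host(), site_instance->GetProcess()->GetID());
+}
+
 void SSLPolicy::OnRequestStarted(const GURL& url,
 int cert_id,
 net::CertStatus cert_status) {
 if (cert_id && url.SchemeIsCryptographic() &&
 !net::IsCertStatusError(cert_status)) {
 // If the scheme is https: or wss: *and* the security info for the
 // cert has been set (i.e. the cert id is not 0) and the cert did
 // not have any errors, revoke any previous decisions that
 // have occurred. If the cert info has not been set, do nothing since it
 // isn't known if the connection was actually a valid connection or if it
@@ -149,33 +163,50 @@
 
 if (entry->GetSSL().security_style == SECURITY_STYLE_UNAUTHENTICATED)
 return;
 
 if (!web_contents->DisplayedInsecureContent())
 entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT;
 
 if (web_contents->DisplayedInsecureContent())
 entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT;
 
+if (!web_contents->DisplayedContentWithCertificateErrors())
+entry->GetSSL().content_status &=
+~SSLStatus::DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS;
+
+if (web_contents->DisplayedContentWithCertificateErrors())
+entry->GetSSL().content_status |=
+SSLStatus::DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS;
+
 if (entry->GetSSL().security_style == SECURITY_STYLE_AUTHENTICATION_BROKEN)
 return;
 
 SiteInstance* site_instance = entry->site_instance();
 // Note that |site_instance| can be NULL here because NavigationEntries don't
 // necessarily have site instances. Without a process, the entry can't
 // possibly have insecure content. See bug http://crbug.com/12423.
-if (site_instance &&
-backend_->DidHostRunInsecureContent(
+if (!site_instance)
+return;
+
+if (backend_->DidHostRunInsecureContent(
 entry->GetURL().host(), site_instance->GetProcess()->GetID())) {
 entry->GetSSL().security_style =
 SECURITY_STYLE_AUTHENTICATION_BROKEN;
 entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT;
+}
+
+if (backend_->DidHostRunContentWithCertificateErrors(
+entry->GetURL().host(), site_instance->GetProcess()->GetID())) {
+entry->GetSSL().security_style = SECURITY_STYLE_AUTHENTICATION_BROKEN;
+entry->GetSSL().content_status |=
+SSLStatus::RAN_CONTENT_WITH_CERTIFICATE_ERRORS;
 return;
 }
 }
 
 // Static
 SecurityStyle SSLPolicy::GetSecurityStyleForResource(
 const GURL& url,
 int cert_id,
 net::CertStatus cert_status) {
 // An HTTPS response may not have a certificate for some reason. When that
@@ -259,10 +290,10 @@
 entry->GetURL(), entry->GetSSL().cert_id, entry->GetSSL().cert_status);
 }
 
 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
 GURL parsed_origin(origin);
 if (parsed_origin.SchemeIsCryptographic())
 backend_->HostRanInsecureContent(parsed_origin.host(), pid);
 }
 
 } // namespace content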
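Review bot: The new `RAN_CONTENT_WITH_CERTIFICATE_ERRORS` bit is only set after the `SECURITY_STYLE_AUTHENTICATION_BROKEN` early return (new lines 181-182), while `DISPLAYED_CONTENT_WITH_CERTIFICATE_ERRORS` is updated before it (new 173-179), so an entry that is already marked broken never gets the RAN bit even if the backend recorded it for this host and process. That mirrors the existing insecure-content handling and may be intended, but it deserves a comment above the early return, for example `// RAN_* bits are only recorded for entries not already AUTHENTICATION_BROKEN.` Separately, the `return;` at new line 203 is now the last statement of the function and can be dropped; and because the insecure-content branch no longer returns, a one-line comment saying that both RAN_* bits may be set on the same entry would make the fall-through explicit. The start of this function is outside the visible lines.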