| 1 /* | 1 /* |
| 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) | 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) |
| 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) | 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) |
| 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) | 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) |
| 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. | 5 Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved. |
| 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ | 6 Copyright (C) 2009 Torch Mobile Inc. http://www.torchmobile.com/ |
| 7 | 7 |
| 8 This library is free software; you can redistribute it and/or | 8 This library is free software; you can redistribute it and/or |
| 9 modify it under the terms of the GNU Library General Public | 9 modify it under the terms of the GNU Library General Public |
| 10 License as published by the Free Software Foundation; either | 10 License as published by the Free Software Foundation; either |
| 295 ResourcePtr<RawResource> ResourceFetcher::fetchRawResource(FetchRequest& request ) | 295 ResourcePtr<RawResource> ResourceFetcher::fetchRawResource(FetchRequest& request ) |
| 296 { | 296 { |
| 297 return static_cast<RawResource*>(requestResource(Resource::Raw, request).get ()); | 297 return static_cast<RawResource*>(requestResource(Resource::Raw, request).get ()); |
| 298 } | 298 } |
| 299 | 299 |
| 300 ResourcePtr<RawResource> ResourceFetcher::fetchMainResource(FetchRequest& reques t) | 300 ResourcePtr<RawResource> ResourceFetcher::fetchMainResource(FetchRequest& reques t) |
| 301 { | 301 { |
| 302 return static_cast<RawResource*>(requestResource(Resource::MainResource, req uest).get()); | 302 return static_cast<RawResource*>(requestResource(Resource::MainResource, req uest).get()); |
| 303 } | 303 } |
| 304 | 304 |
| 305 bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url) const | 305 bool ResourceFetcher::checkInsecureContent(Resource::Type type, const KURL& url, MixedRawContentBlockingOption mixedRawContentBlockingOption) const |
| 306 { | 306 { |
| 307 bool checkAsActiveContent = false; | |
| 308 bool checkAsPassiveContent = false; | |
| 309 | |
| 307 switch (type) { | 310 switch (type) { |
| 308 case Resource::Script: | 311 case Resource::Script: |
| 309 case Resource::XSLStyleSheet: | 312 case Resource::XSLStyleSheet: |
| 310 case Resource::SVGDocument: | 313 case Resource::SVGDocument: |
| 311 case Resource::CSSStyleSheet: | 314 case Resource::CSSStyleSheet: |
| 312 case Resource::ImportResource: | 315 case Resource::ImportResource: |
| 313 // These resource can inject script into the current document (Script, | 316 // These resource can inject script into the current document (Script, |
| 314 // XSL) or exfiltrate the content of the current document (CSS). | 317 // XSL) or exfiltrate the content of the current document (CSS). |
| 318 checkAsActiveContent = true; | |
| 319 break; | |
| 320 | |
| 321 case Resource::TextTrack: | |
| 322 case Resource::Shader: | |
| 323 case Resource::Image: | |
| 324 case Resource::Font: | |
| 325 // These resources can corrupt only the frame's pixels. | |
| 326 checkAsPassiveContent = true; | |
| 327 break; | |
| 328 | |
| 329 case Resource::Raw: | |
| 330 // These resources could be either. Check the option for clarification. | |
| 331 if (mixedRawContentBlockingOption == TreatAsActiveContent) | |
| 332 checkAsActiveContent = true; | |
| 333 else | |
| 334 checkAsPassiveContent = true; | |
| 335 break; | |
| 336 | |
| 337 case Resource::MainResource: | |
| 338 case Resource::LinkPrefetch: | |
| 339 case Resource::LinkSubresource: | |
| 340 // These cannot affect the current document. | |
| 341 break; | |
| 342 } | |
| 343 | |
| 344 if (checkAsActiveContent) { | |
| 315 if (Frame* f = frame()) { | 345 if (Frame* f = frame()) { |
| 316 if (!f->loader()->mixedContentChecker()->canRunInsecureContent(m_doc ument->securityOrigin(), url)) | 346 if (!f->loader()->mixedContentChecker()->canRunInsecureContent(m_doc ument->securityOrigin(), url)) |
| 317 return false; | 347 return false; |
| 318 } | 348 } |
| 319 | 349 } |
|
abarth-chromium
2013/08/30 06:37:08
Should this be "else if" ? I don't think we ever
| |
| 320 break; | 350 if (checkAsPassiveContent) { |
| 321 case Resource::TextTrack: | |
| 322 case Resource::Shader: | |
| 323 case Resource::Raw: | |
| 324 case Resource::Image: | |
| 325 case Resource::Font: { | |
| 326 // These resources can corrupt only the frame's pixels. | |
| 327 if (Frame* f = frame()) { | 351 if (Frame* f = frame()) { |
| 328 Frame* top = f->tree()->top(); | 352 Frame* top = f->tree()->top(); |
| 329 if (!top->loader()->mixedContentChecker()->canDisplayInsecureContent (top->document()->securityOrigin(), url)) | 353 if (!top->loader()->mixedContentChecker()->canDisplayInsecureContent (top->document()->securityOrigin(), url)) |
| 330 return false; | 354 return false; |
| 331 } | 355 } |
| 332 break; | |
| 333 } | |
| 334 case Resource::MainResource: | |
| 335 case Resource::LinkPrefetch: | |
| 336 case Resource::LinkSubresource: | |
| 337 // Prefetch cannot affect the current document. | |
| 338 break; | |
| 339 } | 356 } |
| 340 return true; | 357 return true; |
| 341 } | 358 } |
| 342 | 359 |
| 343 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res ourceLoaderOptions& options, bool forPreload) | 360 bool ResourceFetcher::canRequest(Resource::Type type, const KURL& url, const Res ourceLoaderOptions& options, bool forPreload) |
| 344 { | 361 { |
| 345 if (document() && !document()->securityOrigin()->canDisplay(url)) { | 362 if (document() && !document()->securityOrigin()->canDisplay(url)) { |
| 346 if (!forPreload) | 363 if (!forPreload) |
| 347 FrameLoader::reportLocalLoadFailed(frame(), url.elidedString()); | 364 FrameLoader::reportLocalLoadFailed(frame(), url.elidedString()); |
| 348 LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not allow ed by SecurityOrigin::canDisplay"); | 365 LOG(ResourceLoading, "ResourceFetcher::requestResource URL was not allow ed by SecurityOrigin::canDisplay"); |
| 428 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentS ecurityPolicy()->allowMediaFromSource(url)) | 445 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentS ecurityPolicy()->allowMediaFromSource(url)) |
| 429 return false; | 446 return false; |
| 430 break; | 447 break; |
| 431 } | 448 } |
| 432 | 449 |
| 433 // Last of all, check for insecure content. We do this last so that when | 450 // Last of all, check for insecure content. We do this last so that when |
| 434 // folks block insecure content with a CSP policy, they don't get a warning. | 451 // folks block insecure content with a CSP policy, they don't get a warning. |
| 435 // They'll still get a warning in the console about CSP blocking the load. | 452 // They'll still get a warning in the console about CSP blocking the load. |
| 436 | 453 |
| 437 // FIXME: Should we consider forPreload here? | 454 // FIXME: Should we consider forPreload here? |
| 438 if (!checkInsecureContent(type, url)) | 455 if (!checkInsecureContent(type, url, options.mixedRawContentBlockingOption)) |
| 439 return false; | 456 return false; |
| 440 | 457 |
| 441 return true; | 458 return true; |
| 442 } | 459 } |
| 443 | 460 |
| 444 bool ResourceFetcher::canAccess(Resource* resource) | 461 bool ResourceFetcher::canAccess(Resource* resource) |
| 445 { | 462 { |
| 446 // Redirects can change the response URL different from one of request. | 463 // Redirects can change the response URL different from one of request. |
| 447 if (!canRequest(resource->type(), resource->response().url(), resource->opti ons(), false)) | 464 if (!canRequest(resource->type(), resource->response().url(), resource->opti ons(), false)) |
| 448 return false; | 465 return false; |
| 1287 } | 1304 } |
| 1288 #endif | 1305 #endif |
| 1289 | 1306 |
| 1290 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() | 1307 const ResourceLoaderOptions& ResourceFetcher::defaultResourceOptions() |
| 1291 { | 1308 { |
| 1292 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul tOriginRestrictionsForType, DocumentContext)); | 1309 DEFINE_STATIC_LOCAL(ResourceLoaderOptions, options, (SendCallbacks, SniffCon tent, BufferData, AllowStoredCredentials, ClientRequestedCredentials, AskClientF orCrossOriginCredentials, DoSecurityCheck, CheckContentSecurityPolicy, UseDefaul tOriginRestrictionsForType, DocumentContext)); |
| 1293 return options; | 1310 return options; |
| 1294 } | 1311 } |
| 1295 | 1312 |
| 1296 } | 1313 } |
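Review bot: The new switch in checkInsecureContent (new lines 310-342) has no default arm, so any Resource::Type not enumerated there leaves both checkAsActiveContent and checkAsPassiveContent false and the function reaches `return true;` at line 357 without consulting the mixed content checker, i.e. an unhandled type fails open. If the intent is that the compiler's unhandled-enumerator warning catches new types, a comment above the switch should say so, e.g. `// No default: every Resource::Type must be classified here, or the load skips the mixed content check.`; otherwise a `default: ASSERT_NOT_REACHED(); return false;` arm would fail closed. Relatedly, defaultResourceOptions() at new line 1309 is unchanged and passes no MixedRawContentBlockingOption, so the value canRequest reads from options.mixedRawContentBlockingOption at line 455 for default options is whatever the ResourceLoaderOptions constructor chooses outside this file; since Resource::Raw was previously checked only as passive content, it is worth confirming that default is the passive option so existing raw loads keep their old treatment.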