Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(211)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/child/web_url_loader_impl.cc

Issue 2400673003: Remove SSLStatus::security_style member and content::SecurityStyle (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« components/security_state/security_state_model.cc ('K') | « content/browser/web_contents/web_contents_impl_unittest.cc ('k') | content/common/BUILD.gn » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/web_url_loader_impl.cc
diff --git a/content/child/web_url_loader_impl.cc b/content/child/web_url_loader_impl.cc
index 11431b1e48ed683d7ac312a451601c97c8a86303..7e0facb674237e2e7d6bb079aa99ba4612632b9f 100644
--- a/content/child/web_url_loader_impl.cc
+++ b/content/child/web_url_loader_impl.cc
@@ -34,7 +34,6 @@
#include "content/common/resource_messages.h"
#include "content/common/resource_request.h"
#include "content/common/resource_request_body_impl.h"
-#include "content/common/security_style_util.h"
#include "content/common/service_worker/service_worker_types.h"
#include "content/common/url_loader.mojom.h"
#include "content/public/child/fixed_received_data.h"
@@ -98,6 +97,29 @@ const char* const kReplaceHeaders[] = {
using HeadersVector = ResourceDevToolsInfo::HeadersVector;
+// TODO(estark): Figure out a way for the embedder to provide the
+// security style for a resource. Ideally, the logic for assigning
+// per-resource security styles should live in the same place as the
+// logic for assigning per-page security styles (which lives in the
+// embedder). It would also be nice for the embedder to have the chance
+// to control the per-resource security style beyond the simple logic
+// here. (For example, the embedder might want to mark certain resources
+// differently if they use SHA1 signatures.) https://crbug.com/648326
+SecurityStyle GetSecurityStyleForResource(const GURL& url,
+ net::CertStatus cert_status) {
+ if (!url.SchemeIsCryptographic())
+ return SECURITY_STYLE_UNAUTHENTICATED;
+
+ // Minor errors don't lower the security style to
+ // SECURITY_STYLE_AUTHENTICATION_BROKEN.
+ if (net::IsCertStatusError(cert_status) &&
+ !net::IsCertStatusMinorError(cert_status)) {
+ return SECURITY_STYLE_AUTHENTICATION_BROKEN;
+ }
+
+ return SECURITY_STYLE_AUTHENTICATED;
+}
+
// Converts timing data from |load_timing| to the format used by WebKit.
void PopulateURLLoadTiming(const net::LoadTimingInfo& load_timing,
WebURLLoadTiming* url_timing) {
@@ -257,8 +279,8 @@ void SetSecurityStyleAndDetails(const GURL& url,
}
}
- SecurityStyle security_style = GetSecurityStyleForResource(
- url, true, info.cert_status);
+ SecurityStyle security_style =
+ GetSecurityStyleForResource(url, info.cert_status);
estark 2016/10/06 22:00:17 note that this is only for devtools (thereby stick
blink::WebURLResponse::SecurityStyle security_style_blink =
WebURLResponse::SecurityStyleUnknown;
« components/security_state/security_state_model.cc ('K') | « content/browser/web_contents/web_contents_impl_unittest.cc ('k') | content/common/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698