Chromium Code Reviews Chromium Code Reviews
Issue 2410043003:
Add a console messsage for HTTP-bad (Closed)
| Index: chrome/browser/ssl/chrome_security_state_model_client.cc |
| diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc |
| index 51cd505bc34bbffe981a309fd96a2da7606d819a..f8e577d3d5a693b1fa1c2f5ed5312593a3f742a0 100644 |
| --- a/chrome/browser/ssl/chrome_security_state_model_client.cc |
| +++ b/chrome/browser/ssl/chrome_security_state_model_client.cc |
| @@ -22,6 +22,8 @@ |
| #include "chrome/browser/safe_browsing/ui_manager.h" |
| #include "chrome/grit/generated_resources.h" |
| #include "content/public/browser/navigation_entry.h" |
| +#include "content/public/browser/navigation_handle.h" |
| +#include "content/public/browser/render_frame_host.h" |
| #include "content/public/browser/security_style_explanation.h" |
| #include "content/public/browser/security_style_explanations.h" |
| #include "content/public/browser/ssl_status.h" |
| @@ -160,13 +162,34 @@ void CheckSafeBrowsingStatus(content::NavigationEntry* entry, |
| } |
| } |
| +// Logs a message to the console if the security level has been |
| +// downgraded to HTTP_SHOW_WARNING. Returns true if the console message |
| +// was logged, false otherwise. |
| +bool MaybeLogHttpWarning( |
| + content::WebContents* web_contents, |
| + const security_state::SecurityStateModel::SecurityInfo* const |
| + security_info) { |
| + if (security_info->security_level == |
| + security_state::SecurityStateModel::HTTP_SHOW_WARNING) { |
| + web_contents->GetMainFrame()->AddMessageToConsole( |
| + content::CONSOLE_MESSAGE_LEVEL_WARNING, |
| + "In Chrome M56 (Jan 2017), this page will be marked " |
| + "as \"not secure\" in the URL bar. For more " |
| + "information see https://goo.gl/zmWq3m"); |
| + return true; |
| + } |
| + return false; |
| +} |
| + |
| } // namespace |
| ChromeSecurityStateModelClient::ChromeSecurityStateModelClient( |
| content::WebContents* web_contents) |
| : web_contents_(web_contents), |
| - security_state_model_(new SecurityStateModel()) { |
| + security_state_model_(new SecurityStateModel()), |
| + logged_http_warning_on_current_navigation_(false) { |
| security_state_model_->SetClient(this); |
| + WebContentsObserver::Observe(web_contents_); |
| } |
| ChromeSecurityStateModelClient::~ChromeSecurityStateModelClient() {} |
| @@ -297,6 +320,10 @@ blink::WebSecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle( |
| void ChromeSecurityStateModelClient::GetSecurityInfo( |
| SecurityStateModel::SecurityInfo* result) const { |
| security_state_model_->GetSecurityInfo(result); |
| + if (!logged_http_warning_on_current_navigation_) { |
| + logged_http_warning_on_current_navigation_ = |
| + MaybeLogHttpWarning(web_contents_, result); |
| + } |
|
meacer
2016/10/13 17:41:01
I'm sure there is a good reason, but it feels a bi
estark
2016/10/13 17:59:17
Yeah, I agree it's kinda gross, see my first comme
|
| } |
| bool ChromeSecurityStateModelClient::UsedPolicyInstalledCertificate() { |
| @@ -314,6 +341,13 @@ bool ChromeSecurityStateModelClient::IsOriginSecure(const GURL& url) { |
| return content::IsOriginSecure(url); |
| } |
| +void ChromeSecurityStateModelClient::DidFinishNavigation( |
| + content::NavigationHandle* navigation_handle) { |
| + if (navigation_handle->IsInMainFrame()) { |
| + logged_http_warning_on_current_navigation_ = false; |
| + } |
|
meacer
2016/10/13 17:41:01
Should we clear this bit when there is a new navig
estark
2016/10/13 17:59:17
(will revisit this comment once I settle the quest
estark
2016/10/14 17:57:06
I think it's more correct to clear the flag when t
|
| +} |
| + |
| void ChromeSecurityStateModelClient::GetVisibleSecurityState( |
| SecurityStateModel::VisibleSecurityState* state) { |
| content::NavigationEntry* entry = |
