Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1051)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp

Issue 2432723003: [Presentation API] PresentationRequest should throw SecurityError for mixed contents (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/modules/presentation/PresentationRequest.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
diff --git a/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp b/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
index 0305d72b55c1d5013eb950e9266a0cb0ae11f349..7c3ea60f0a36219f2d738d7295d82223625335f4 100644
--- a/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
+++ b/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
@@ -13,6 +13,7 @@
#include "core/dom/ExecutionContext.h"
#include "core/frame/Settings.h"
#include "core/frame/UseCounter.h"
+#include "core/loader/MixedContentChecker.h"
#include "modules/EventTargetModules.h"
#include "modules/presentation/PresentationAvailability.h"
#include "modules/presentation/PresentationAvailabilityCallbacks.h"
@@ -105,11 +106,12 @@ ScriptPromise PresentationRequest::start(ScriptState* scriptState) {
InvalidAccessError,
"PresentationRequest::start() requires user gesture."));
+ if (MixedContentChecker::isMixedContent(
+ getExecutionContext()->getSecurityOrigin(), m_url))
+ return rejectWithMixedContentException(scriptState);
+
if (toDocument(getExecutionContext())->isSandboxed(SandboxPresentation))
- return ScriptPromise::rejectWithDOMException(
- scriptState, DOMException::create(SecurityError,
- "The document is sandboxed and lacks "
- "the 'allow-presentation' flag."));
+ return rejectWithSandBoxException(scriptState);
WebPresentationClient* client = presentationClient(getExecutionContext());
if (!client)
@@ -130,11 +132,12 @@ ScriptPromise PresentationRequest::start(ScriptState* scriptState) {
ScriptPromise PresentationRequest::reconnect(ScriptState* scriptState,
const String& id) {
+ if (MixedContentChecker::isMixedContent(
+ getExecutionContext()->getSecurityOrigin(), m_url))
+ return rejectWithMixedContentException(scriptState);
+
if (toDocument(getExecutionContext())->isSandboxed(SandboxPresentation))
- return ScriptPromise::rejectWithDOMException(
- scriptState, DOMException::create(SecurityError,
- "The document is sandboxed and lacks "
- "the 'allow-presentation' flag."));
+ return rejectWithSandBoxException(scriptState);
WebPresentationClient* client = presentationClient(getExecutionContext());
if (!client)
@@ -154,11 +157,12 @@ ScriptPromise PresentationRequest::reconnect(ScriptState* scriptState,
}
ScriptPromise PresentationRequest::getAvailability(ScriptState* scriptState) {
+ if (MixedContentChecker::isMixedContent(
+ getExecutionContext()->getSecurityOrigin(), m_url))
+ return rejectWithMixedContentException(scriptState);
+
if (toDocument(getExecutionContext())->isSandboxed(SandboxPresentation))
- return ScriptPromise::rejectWithDOMException(
- scriptState, DOMException::create(SecurityError,
- "The document is sandboxed and lacks "
- "the 'allow-presentation' flag."));
+ return rejectWithSandBoxException(scriptState);
WebPresentationClient* client = presentationClient(getExecutionContext());
if (!client)
@@ -189,4 +193,22 @@ PresentationRequest::PresentationRequest(ExecutionContext* executionContext,
ActiveDOMObject(executionContext),
m_url(url) {}
+ScriptPromise PresentationRequest::rejectWithMixedContentException(
+ ScriptState* scriptState) {
+ return ScriptPromise::rejectWithDOMException(
+ scriptState,
+ DOMException::create(SecurityError,
+ "Settings prohibit mixed security contexts and "
+ "url is an a priori unauthenticated URL. Url: " +
mark a. foltz 2016/10/20 21:56:14 I would say: "Presentation of an insecure document
zhaobin 2016/10/21 03:39:02 Done.
+ m_url.getString()));
+}
+
+ScriptPromise PresentationRequest::rejectWithSandBoxException(
+ ScriptState* scriptState) {
+ return ScriptPromise::rejectWithDOMException(
+ scriptState, DOMException::create(SecurityError,
+ "The document is sandboxed and lacks "
+ "the 'allow-presentation' flag."));
+}
+
} // namespace blink
« no previous file with comments | « third_party/WebKit/Source/modules/presentation/PresentationRequest.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698