Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2093)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp

Issue 2432723003: [Presentation API] PresentationRequest should throw SecurityError for mixed contents (Closed)
Patch Set: resolve code review comments from mlamouri Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
diff --git a/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp b/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
index 0305d72b55c1d5013eb950e9266a0cb0ae11f349..35b93af61fabaa5f2a64078f147bbe5929f488ef 100644
--- a/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
+++ b/third_party/WebKit/Source/modules/presentation/PresentationRequest.cpp
@@ -13,6 +13,7 @@
#include "core/dom/ExecutionContext.h"
#include "core/frame/Settings.h"
#include "core/frame/UseCounter.h"
+#include "core/loader/MixedContentChecker.h"
#include "modules/EventTargetModules.h"
#include "modules/presentation/PresentationAvailability.h"
#include "modules/presentation/PresentationAvailabilityCallbacks.h"
@@ -45,6 +46,22 @@ Settings* settings(ExecutionContext* executionContext) {
return document->settings();
}
+ScriptPromise rejectWithMixedContentException(ScriptState* scriptState,
+ const String& url) {
+ return ScriptPromise::rejectWithDOMException(
+ scriptState,
+ DOMException::create(SecurityError,
+ "Presentation of an insecure document [" + url +
+ "] is prohibited from a secure context."));
+}
+
+ScriptPromise rejectWithSandBoxException(ScriptState* scriptState) {
+ return ScriptPromise::rejectWithDOMException(
+ scriptState, DOMException::create(SecurityError,
+ "The document is sandboxed and lacks "
+ "the 'allow-presentation' flag."));
+}
+
} // anonymous namespace
// static
@@ -105,11 +122,13 @@ ScriptPromise PresentationRequest::start(ScriptState* scriptState) {
InvalidAccessError,
"PresentationRequest::start() requires user gesture."));
+ if (MixedContentChecker::isMixedContent(
+ getExecutionContext()->getSecurityOrigin(), m_url)) {
+ return rejectWithMixedContentException(scriptState, m_url.getString());
+ }
+
if (toDocument(getExecutionContext())->isSandboxed(SandboxPresentation))
- return ScriptPromise::rejectWithDOMException(
- scriptState, DOMException::create(SecurityError,
- "The document is sandboxed and lacks "
- "the 'allow-presentation' flag."));
+ return rejectWithSandBoxException(scriptState);
WebPresentationClient* client = presentationClient(getExecutionContext());
if (!client)
@@ -130,11 +149,13 @@ ScriptPromise PresentationRequest::start(ScriptState* scriptState) {
ScriptPromise PresentationRequest::reconnect(ScriptState* scriptState,
const String& id) {
+ if (MixedContentChecker::isMixedContent(
+ getExecutionContext()->getSecurityOrigin(), m_url)) {
+ return rejectWithMixedContentException(scriptState, m_url.getString());
+ }
+
if (toDocument(getExecutionContext())->isSandboxed(SandboxPresentation))
- return ScriptPromise::rejectWithDOMException(
- scriptState, DOMException::create(SecurityError,
- "The document is sandboxed and lacks "
- "the 'allow-presentation' flag."));
+ return rejectWithSandBoxException(scriptState);
WebPresentationClient* client = presentationClient(getExecutionContext());
if (!client)
@@ -154,11 +175,13 @@ ScriptPromise PresentationRequest::reconnect(ScriptState* scriptState,
}
ScriptPromise PresentationRequest::getAvailability(ScriptState* scriptState) {
+ if (MixedContentChecker::isMixedContent(
+ getExecutionContext()->getSecurityOrigin(), m_url)) {
+ return rejectWithMixedContentException(scriptState, m_url.getString());
+ }
+
if (toDocument(getExecutionContext())->isSandboxed(SandboxPresentation))
- return ScriptPromise::rejectWithDOMException(
- scriptState, DOMException::create(SecurityError,
- "The document is sandboxed and lacks "
- "the 'allow-presentation' flag."));
+ return rejectWithSandBoxException(scriptState);
WebPresentationClient* client = presentationClient(getExecutionContext());
if (!client)
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698