| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 188 security_state::SecurityStateModel::HTTP_SHOW_WARNING) { | 188 security_state::SecurityStateModel::HTTP_SHOW_WARNING) { |
| 189 // If the HTTP_SHOW_WARNING field trial is in use, display an | 189 // If the HTTP_SHOW_WARNING field trial is in use, display an |
| 190 // unauthenticated explanation explaining why the omnibox warning is | 190 // unauthenticated explanation explaining why the omnibox warning is |
| 191 // present. | 191 // present. |
| 192 security_style_explanations->unauthenticated_explanations.push_back( | 192 security_style_explanations->unauthenticated_explanations.push_back( |
| 193 content::SecurityStyleExplanation( | 193 content::SecurityStyleExplanation( |
| 194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), | 194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
| 195 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); | 195 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); |
| 196 } else if (security_info.security_level == | 196 } else if (security_info.security_level == |
| 197 security_state::SecurityStateModel::NONE && | 197 security_state::SecurityStateModel::NONE && |
| 198 security_info.displayed_private_user_data_input_on_http) { | 198 (security_info.displayed_password_field_on_http || |
| 199 security_info.displayed_credit_card_field_on_http)) { |
| 199 // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an | 200 // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an |
| 200 // informational note that the omnibox will contain a warning for | 201 // informational note that the omnibox will contain a warning for |
| 201 // this site in a future version of Chrome. | 202 // this site in a future version of Chrome. |
| 202 security_style_explanations->info_explanations.push_back( | 203 security_style_explanations->info_explanations.push_back( |
| 203 content::SecurityStyleExplanation( | 204 content::SecurityStyleExplanation( |
| 204 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), | 205 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
| 205 l10n_util::GetStringUTF8( | 206 l10n_util::GetStringUTF8( |
| 206 IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION))); | 207 IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION))); |
| 207 } | 208 } |
| 208 | 209 |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 326 SecurityStateModel::SecurityInfo* result) const { | 327 SecurityStateModel::SecurityInfo* result) const { |
| 327 security_state_model_->GetSecurityInfo(result); | 328 security_state_model_->GetSecurityInfo(result); |
| 328 } | 329 } |
| 329 | 330 |
| 330 void ChromeSecurityStateModelClient::VisibleSecurityStateChanged() { | 331 void ChromeSecurityStateModelClient::VisibleSecurityStateChanged() { |
| 331 if (logged_http_warning_on_current_navigation_) | 332 if (logged_http_warning_on_current_navigation_) |
| 332 return; | 333 return; |
| 333 | 334 |
| 334 security_state::SecurityStateModel::SecurityInfo security_info; | 335 security_state::SecurityStateModel::SecurityInfo security_info; |
| 335 GetSecurityInfo(&security_info); | 336 GetSecurityInfo(&security_info); |
| 336 if (!security_info.displayed_private_user_data_input_on_http) | 337 if (!security_info.displayed_password_field_on_http && |
| 338 !security_info.displayed_credit_card_field_on_http) { |
| 337 return; | 339 return; |
| 340 } |
| 338 | 341 |
| 339 std::string warning; | 342 std::string warning; |
| 340 bool warning_is_user_visible = false; | 343 bool warning_is_user_visible = false; |
| 341 switch (security_info.security_level) { | 344 switch (security_info.security_level) { |
| 342 case security_state::SecurityStateModel::HTTP_SHOW_WARNING: | 345 case security_state::SecurityStateModel::HTTP_SHOW_WARNING: |
| 343 warning = | 346 warning = |
| 344 "This page includes a password or credit card input in a non-secure " | 347 "This page includes a password or credit card input in a non-secure " |
| 345 "context. A warning has been added to the URL bar. For more " | 348 "context. A warning has been added to the URL bar. For more " |
| 346 "information, see https://goo.gl/zmWq3m."; | 349 "information, see https://goo.gl/zmWq3m."; |
| 347 warning_is_user_visible = true; | 350 warning_is_user_visible = true; |
| 348 break; | 351 break; |
| 349 case security_state::SecurityStateModel::NONE: | 352 case security_state::SecurityStateModel::NONE: |
| 350 case security_state::SecurityStateModel::DANGEROUS: | 353 case security_state::SecurityStateModel::DANGEROUS: |
| 351 warning = | 354 warning = |
| 352 "This page includes a password or credit card input in a non-secure " | 355 "This page includes a password or credit card input in a non-secure " |
| 353 "context. A warning will be added to the URL bar in Chrome 56 (Jan " | 356 "context. A warning will be added to the URL bar in Chrome 56 (Jan " |
| 354 "2017). For more information, see https://goo.gl/zmWq3m."; | 357 "2017). For more information, see https://goo.gl/zmWq3m."; |
| 355 break; | 358 break; |
| 356 default: | 359 default: |
| 357 return; | 360 return; |
| 358 } | 361 } |
| 359 | 362 |
| 360 logged_http_warning_on_current_navigation_ = true; | 363 logged_http_warning_on_current_navigation_ = true; |
| 361 web_contents_->GetMainFrame()->AddMessageToConsole( | 364 web_contents_->GetMainFrame()->AddMessageToConsole( |
| 362 content::CONSOLE_MESSAGE_LEVEL_WARNING, warning); | 365 content::CONSOLE_MESSAGE_LEVEL_WARNING, warning); |
| 363 UMA_HISTOGRAM_BOOLEAN("Security.HTTPBad.UserWarnedAboutSensitiveInput", | 366 |
| 364 warning_is_user_visible); | 367 if (security_info.displayed_credit_card_field_on_http) { |
| 368 UMA_HISTOGRAM_BOOLEAN( |
| 369 "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard", |
| 370 warning_is_user_visible); |
| 371 } |
| 372 if (security_info.displayed_password_field_on_http) { |
| 373 UMA_HISTOGRAM_BOOLEAN( |
| 374 "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password", |
| 375 warning_is_user_visible); |
| 376 } |
| 365 } | 377 } |
| 366 | 378 |
| 367 void ChromeSecurityStateModelClient::DidFinishNavigation( | 379 void ChromeSecurityStateModelClient::DidFinishNavigation( |
| 368 content::NavigationHandle* navigation_handle) { | 380 content::NavigationHandle* navigation_handle) { |
| 369 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) { | 381 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) { |
| 370 // Only reset the console message flag for main-frame navigations, | 382 // Only reset the console message flag for main-frame navigations, |
| 371 // and not for same-page navigations like reference fragments and pushState. | 383 // and not for same-page navigations like reference fragments and pushState. |
| 372 logged_http_warning_on_current_navigation_ = false; | 384 logged_http_warning_on_current_navigation_ = false; |
| 373 } | 385 } |
| 374 } | 386 } |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 429 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); | 441 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); |
| 430 state->displayed_password_field_on_http = | 442 state->displayed_password_field_on_http = |
| 431 !!(ssl.content_status & | 443 !!(ssl.content_status & |
| 432 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 444 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 433 state->displayed_credit_card_field_on_http = | 445 state->displayed_credit_card_field_on_http = |
| 434 !!(ssl.content_status & | 446 !!(ssl.content_status & |
| 435 content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP); | 447 content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP); |
| 436 | 448 |
| 437 CheckSafeBrowsingStatus(entry, web_contents_, state); | 449 CheckSafeBrowsingStatus(entry, web_contents_, state); |
| 438 } | 450 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2483423002:
HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings (Closed)
