| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" | 5 #include "chrome/browser/ssl/chrome_security_state_model_client.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 188 security_state::SecurityStateModel::HTTP_SHOW_WARNING) { | 188 security_state::SecurityStateModel::HTTP_SHOW_WARNING) { |
| 189 // If the HTTP_SHOW_WARNING field trial is in use, display an | 189 // If the HTTP_SHOW_WARNING field trial is in use, display an |
| 190 // unauthenticated explanation explaining why the omnibox warning is | 190 // unauthenticated explanation explaining why the omnibox warning is |
| 191 // present. | 191 // present. |
| 192 security_style_explanations->unauthenticated_explanations.push_back( | 192 security_style_explanations->unauthenticated_explanations.push_back( |
| 193 content::SecurityStyleExplanation( | 193 content::SecurityStyleExplanation( |
| 194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), | 194 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
| 195 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); | 195 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT_DESCRIPTION))); |
| 196 } else if (security_info.security_level == | 196 } else if (security_info.security_level == |
| 197 security_state::SecurityStateModel::NONE && | 197 security_state::SecurityStateModel::NONE && |
| 198 (security_info.displayed_password_field_on_http || | 198 security_info.displayed_private_user_data_input_on_http) { |
| 199 security_info.displayed_credit_card_field_on_http)) { | |
| 200 // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an | 199 // If the HTTP_SHOW_WARNING field trial isn't in use yet, display an |
| 201 // informational note that the omnibox will contain a warning for | 200 // informational note that the omnibox will contain a warning for |
| 202 // this site in a future version of Chrome. | 201 // this site in a future version of Chrome. |
| 203 security_style_explanations->info_explanations.push_back( | 202 security_style_explanations->info_explanations.push_back( |
| 204 content::SecurityStyleExplanation( | 203 content::SecurityStyleExplanation( |
| 205 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), | 204 l10n_util::GetStringUTF8(IDS_PRIVATE_USER_DATA_INPUT), |
| 206 l10n_util::GetStringUTF8( | 205 l10n_util::GetStringUTF8( |
| 207 IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION))); | 206 IDS_PRIVATE_USER_DATA_INPUT_FUTURE_DESCRIPTION))); |
| 208 } | 207 } |
| 209 | 208 |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 327 SecurityStateModel::SecurityInfo* result) const { | 326 SecurityStateModel::SecurityInfo* result) const { |
| 328 security_state_model_->GetSecurityInfo(result); | 327 security_state_model_->GetSecurityInfo(result); |
| 329 } | 328 } |
| 330 | 329 |
| 331 void ChromeSecurityStateModelClient::VisibleSecurityStateChanged() { | 330 void ChromeSecurityStateModelClient::VisibleSecurityStateChanged() { |
| 332 if (logged_http_warning_on_current_navigation_) | 331 if (logged_http_warning_on_current_navigation_) |
| 333 return; | 332 return; |
| 334 | 333 |
| 335 security_state::SecurityStateModel::SecurityInfo security_info; | 334 security_state::SecurityStateModel::SecurityInfo security_info; |
| 336 GetSecurityInfo(&security_info); | 335 GetSecurityInfo(&security_info); |
| 337 if (!security_info.displayed_password_field_on_http && | 336 if (!security_info.displayed_private_user_data_input_on_http) |
| 338 !security_info.displayed_credit_card_field_on_http) { | |
| 339 return; | 337 return; |
| 340 } | |
| 341 | 338 |
| 342 std::string warning; | 339 std::string warning; |
| 343 bool warning_is_user_visible = false; | 340 bool warning_is_user_visible = false; |
| 344 switch (security_info.security_level) { | 341 switch (security_info.security_level) { |
| 345 case security_state::SecurityStateModel::HTTP_SHOW_WARNING: | 342 case security_state::SecurityStateModel::HTTP_SHOW_WARNING: |
| 346 warning = | 343 warning = |
| 347 "This page includes a password or credit card input in a non-secure " | 344 "This page includes a password or credit card input in a non-secure " |
| 348 "context. A warning has been added to the URL bar. For more " | 345 "context. A warning has been added to the URL bar. For more " |
| 349 "information, see https://goo.gl/zmWq3m."; | 346 "information, see https://goo.gl/zmWq3m."; |
| 350 warning_is_user_visible = true; | 347 warning_is_user_visible = true; |
| 351 break; | 348 break; |
| 352 case security_state::SecurityStateModel::NONE: | 349 case security_state::SecurityStateModel::NONE: |
| 353 case security_state::SecurityStateModel::DANGEROUS: | 350 case security_state::SecurityStateModel::DANGEROUS: |
| 354 warning = | 351 warning = |
| 355 "This page includes a password or credit card input in a non-secure " | 352 "This page includes a password or credit card input in a non-secure " |
| 356 "context. A warning will be added to the URL bar in Chrome 56 (Jan " | 353 "context. A warning will be added to the URL bar in Chrome 56 (Jan " |
| 357 "2017). For more information, see https://goo.gl/zmWq3m."; | 354 "2017). For more information, see https://goo.gl/zmWq3m."; |
| 358 break; | 355 break; |
| 359 default: | 356 default: |
| 360 return; | 357 return; |
| 361 } | 358 } |
| 362 | 359 |
| 363 logged_http_warning_on_current_navigation_ = true; | 360 logged_http_warning_on_current_navigation_ = true; |
| 364 web_contents_->GetMainFrame()->AddMessageToConsole( | 361 web_contents_->GetMainFrame()->AddMessageToConsole( |
| 365 content::CONSOLE_MESSAGE_LEVEL_WARNING, warning); | 362 content::CONSOLE_MESSAGE_LEVEL_WARNING, warning); |
| 366 | 363 UMA_HISTOGRAM_BOOLEAN("Security.HTTPBad.UserWarnedAboutSensitiveInput", |
| 367 if (security_info.displayed_credit_card_field_on_http) { | 364 warning_is_user_visible); |
| 368 UMA_HISTOGRAM_BOOLEAN( | |
| 369 "Security.HTTPBad.UserWarnedAboutSensitiveInput.CreditCard", | |
| 370 warning_is_user_visible); | |
| 371 } | |
| 372 if (security_info.displayed_password_field_on_http) { | |
| 373 UMA_HISTOGRAM_BOOLEAN( | |
| 374 "Security.HTTPBad.UserWarnedAboutSensitiveInput.Password", | |
| 375 warning_is_user_visible); | |
| 376 } | |
| 377 } | 365 } |
| 378 | 366 |
| 379 void ChromeSecurityStateModelClient::DidFinishNavigation( | 367 void ChromeSecurityStateModelClient::DidFinishNavigation( |
| 380 content::NavigationHandle* navigation_handle) { | 368 content::NavigationHandle* navigation_handle) { |
| 381 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) { | 369 if (navigation_handle->IsInMainFrame() && !navigation_handle->IsSamePage()) { |
| 382 // Only reset the console message flag for main-frame navigations, | 370 // Only reset the console message flag for main-frame navigations, |
| 383 // and not for same-page navigations like reference fragments and pushState. | 371 // and not for same-page navigations like reference fragments and pushState. |
| 384 logged_http_warning_on_current_navigation_ = false; | 372 logged_http_warning_on_current_navigation_ = false; |
| 385 } | 373 } |
| 386 } | 374 } |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 441 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); | 429 !!(ssl.content_status & content::SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS); |
| 442 state->displayed_password_field_on_http = | 430 state->displayed_password_field_on_http = |
| 443 !!(ssl.content_status & | 431 !!(ssl.content_status & |
| 444 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); | 432 content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP); |
| 445 state->displayed_credit_card_field_on_http = | 433 state->displayed_credit_card_field_on_http = |
| 446 !!(ssl.content_status & | 434 !!(ssl.content_status & |
| 447 content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP); | 435 content::SSLStatus::DISPLAYED_CREDIT_CARD_FIELD_ON_HTTP); |
| 448 | 436 |
| 449 CheckSafeBrowsingStatus(entry, web_contents_, state); | 437 CheckSafeBrowsingStatus(entry, web_contents_, state); |
| 450 } | 438 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2494033002:
Revert "HTTP Bad: Split out UMA metrics for password vs credit card "Not secure" warnings" (Closed)
