Index: content/browser/ssl/ssl_manager.cc |
diff --git a/content/browser/ssl/ssl_manager.cc b/content/browser/ssl/ssl_manager.cc |
index df2e7575b49da85f0455e6e880cc5e0f01d02318..08cfeb127d6140fce006f6eb6ee301d34d5fea69 100644 |
--- a/content/browser/ssl/ssl_manager.cc |
+++ b/content/browser/ssl/ssl_manager.cc |
@@ -11,6 +11,8 @@ |
#include "base/metrics/histogram_macros.h" |
#include "base/strings/utf_string_conversions.h" |
#include "base/supports_user_data.h" |
+#include "content/browser/devtools/devtools_agent_host_impl.h" |
+#include "content/browser/devtools/protocol/security_handler.h" |
#include "content/browser/frame_host/navigation_entry_impl.h" |
#include "content/browser/loader/resource_dispatcher_host_impl.h" |
#include "content/browser/loader/resource_request_info_impl.h" |
@@ -20,6 +22,7 @@ |
#include "content/public/browser/browser_thread.h" |
#include "content/public/browser/certificate_request_result_type.h" |
#include "content/public/browser/content_browser_client.h" |
+#include "content/public/browser/devtools_agent_host.h" |
#include "content/public/browser/navigation_details.h" |
#include "content/public/browser/ssl_host_state_delegate.h" |
#include "net/url_request/url_request.h" |
@@ -37,8 +40,17 @@ enum SSLGoodCertSeenEvent { |
SSL_GOOD_CERT_SEEN_EVENT_MAX = 2 |
}; |
+void OnAllowCertificateWithRecordDecision( |
+ bool record_decision, |
+ const base::Callback<void(bool, content::CertificateRequestResultType)>& |
+ callback, |
+ CertificateRequestResultType decision) { |
+ callback.Run(record_decision, decision); |
+} |
+ |
void OnAllowCertificate(SSLErrorHandler* handler, |
SSLHostStateDelegate* state_delegate, |
+ bool record_decision, |
CertificateRequestResultType decision) { |
DCHECK(handler->ssl_info().is_valid()); |
switch (decision) { |
@@ -53,7 +65,7 @@ void OnAllowCertificate(SSLErrorHandler* handler, |
// While AllowCert() executes synchronously on this thread, |
// ContinueRequest() gets posted to a different thread. Calling |
// AllowCert() first ensures deterministic ordering. |
- if (state_delegate) { |
+ if (record_decision && state_delegate) { |
state_delegate->AllowCert(handler->request_url().host(), |
estark
2017/03/09 00:24:31
I'm not sure that this will work; have you tested
Eric Seckler
2017/03/09 11:34:53
For use in headless, I think we'll be happy with h
irisu
2017/03/13 01:56:56
Added an image to the test html, let me know if th
estark
2017/03/14 01:22:50
By "it seems to be working", do you mean that the
irisu
2017/03/16 03:40:18
Done. I added the subresource case and figured out
|
*handler->ssl_info().cert.get(), |
handler->cert_error()); |
@@ -356,11 +368,31 @@ void SSLManager::OnCertErrorInternal(std::unique_ptr<SSLErrorHandler> handler, |
const net::SSLInfo& ssl_info = handler->ssl_info(); |
const GURL& request_url = handler->request_url(); |
ResourceType resource_type = handler->resource_type(); |
- GetContentClient()->browser()->AllowCertificateError( |
- web_contents, cert_error, ssl_info, request_url, resource_type, |
- overridable, strict_enforcement, expired_previous_decision, |
+ |
+ base::Callback<void(bool, content::CertificateRequestResultType)> callback = |
base::Bind(&OnAllowCertificate, base::Owned(handler.release()), |
- ssl_host_state_delegate_)); |
+ ssl_host_state_delegate_); |
+ |
+ if (resource_type != RESOURCE_TYPE_MAIN_FRAME) { |
estark
2017/03/09 00:24:31
Per my comment above, I think we need to go back o
irisu
2017/03/13 01:56:56
Done.
|
+ // A sub-resource has a certificate error. Deny the request without sending |
+ // devtools event or showing UI interstitial. |
+ callback.Run(false, CERTIFICATE_REQUEST_RESULT_TYPE_DENY); |
+ return; |
+ } |
+ |
+ DevToolsAgentHostImpl* agent_host = static_cast<DevToolsAgentHostImpl*>( |
+ DevToolsAgentHost::GetOrCreateFor(web_contents).get()); |
+ protocol::SecurityHandler* security_handler = |
+ protocol::SecurityHandler::FromAgentHost(agent_host); |
+ if (!security_handler || |
+ !security_handler->NotifyCertificateError( |
+ cert_error, request_url, |
+ base::Bind(&OnAllowCertificateWithRecordDecision, false, callback))) { |
+ GetContentClient()->browser()->AllowCertificateError( |
+ web_contents, cert_error, ssl_info, request_url, resource_type, |
+ overridable, strict_enforcement, expired_previous_decision, |
+ base::Bind(&OnAllowCertificateWithRecordDecision, true, callback)); |
+ } |
} |
void SSLManager::UpdateEntry(NavigationEntryImpl* entry, |