Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(472)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/security_state/core/security_state.cc

Issue 2643083003: Show form not secure warnings for blob and filesystem URLs. (Closed)
Patch Set: Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('K') | « chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('k') | components/security_state/core/security_state_unittest.cc » ('j') | components/security_state/core/security_state_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/security_state/core/security_state.h" 5 #include "components/security_state/core/security_state.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/metrics/field_trial.h" 10 #include "base/metrics/field_trial.h"
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
117 bool is_cryptographic_with_certificate = 117 bool is_cryptographic_with_certificate =
118 (url.SchemeIsCryptographic() && visible_security_state.certificate); 118 (url.SchemeIsCryptographic() && visible_security_state.certificate);
119 119
120 // Set the security level to DANGEROUS for major certificate errors. 120 // Set the security level to DANGEROUS for major certificate errors.
121 if (is_cryptographic_with_certificate && 121 if (is_cryptographic_with_certificate &&
122 net::IsCertStatusError(visible_security_state.cert_status) && 122 net::IsCertStatusError(visible_security_state.cert_status) &&
123 !net::IsCertStatusMinorError(visible_security_state.cert_status)) { 123 !net::IsCertStatusMinorError(visible_security_state.cert_status)) {
124 return DANGEROUS; 124 return DANGEROUS;
125 } 125 }
126 126
127 // Choose the appropriate security level for HTTP requests. 127 // Choose the appropriate security level for requests to HTTP and pseudo URLs
128 // (data:, blob:, filesystem:). filesystem: is a standard scheme so does not
129 // need to be explicitly listed here.
128 if (!is_cryptographic_with_certificate) { 130 if (!is_cryptographic_with_certificate) {
129 if (!is_origin_secure_callback.Run(url) && url.IsStandard()) { 131 if (!is_origin_secure_callback.Run(url) &&
132 (url.IsStandard() || url.SchemeIs(url::kDataScheme) ||
133 url.SchemeIs(url::kBlobScheme))) {
130 return GetSecurityLevelForNonSecureFieldTrial( 134 return GetSecurityLevelForNonSecureFieldTrial(
131 visible_security_state.displayed_password_field_on_http || 135 visible_security_state.displayed_password_field_on_http ||
132 visible_security_state.displayed_credit_card_field_on_http); 136 visible_security_state.displayed_credit_card_field_on_http);
133 } 137 }
134 return NONE; 138 return NONE;
135 } 139 }
136 140
137 // Downgrade the security level for active insecure subresources. 141 // Downgrade the security level for active insecure subresources.
138 if (mixed_content_status == CONTENT_STATUS_RAN || 142 if (mixed_content_status == CONTENT_STATUS_RAN ||
139 mixed_content_status == CONTENT_STATUS_DISPLAYED_AND_RAN || 143 mixed_content_status == CONTENT_STATUS_DISPLAYED_AND_RAN ||
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
303 other.displayed_content_with_cert_errors && 307 other.displayed_content_with_cert_errors &&
304 ran_content_with_cert_errors == other.ran_content_with_cert_errors && 308 ran_content_with_cert_errors == other.ran_content_with_cert_errors &&
305 pkp_bypassed == other.pkp_bypassed && 309 pkp_bypassed == other.pkp_bypassed &&
306 displayed_password_field_on_http == 310 displayed_password_field_on_http ==
307 other.displayed_password_field_on_http && 311 other.displayed_password_field_on_http &&
308 displayed_credit_card_field_on_http == 312 displayed_credit_card_field_on_http ==
309 other.displayed_credit_card_field_on_http); 313 other.displayed_credit_card_field_on_http);
310 } 314 }
311 315
312 } // namespace security_state 316 } // namespace security_state
OLDNEW
« chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('K') | « chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('k') | components/security_state/core/security_state_unittest.cc » ('j') | components/security_state/core/security_state_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698