| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/core/security_state.h" | 5 #include "components/security_state/core/security_state.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| 113 visible_security_state.malicious_content_status != | 113 visible_security_state.malicious_content_status != |
| 114 MALICIOUS_CONTENT_STATUS_NONE); | 114 MALICIOUS_CONTENT_STATUS_NONE); |
| 115 | 115 |
| 116 // Override the connection security information if the website failed the | 116 // Override the connection security information if the website failed the |
| 117 // browser's malware checks. | 117 // browser's malware checks. |
| 118 if (visible_security_state.malicious_content_status != | 118 if (visible_security_state.malicious_content_status != |
| 119 MALICIOUS_CONTENT_STATUS_NONE) { | 119 MALICIOUS_CONTENT_STATUS_NONE) { |
| 120 return DANGEROUS; | 120 return DANGEROUS; |
| 121 } | 121 } |
| 122 | 122 |
| 123 GURL url = visible_security_state.url; | 123 const GURL url = visible_security_state.url; |
| 124 | 124 |
| 125 bool is_cryptographic_with_certificate = | 125 const bool is_cryptographic_with_certificate = |
| 126 (url.SchemeIsCryptographic() && visible_security_state.certificate); | 126 (url.SchemeIsCryptographic() && visible_security_state.certificate); |
| 127 | 127 |
| 128 // Set the security level to DANGEROUS for major certificate errors. | 128 // Set the security level to DANGEROUS for major certificate errors. |
| 129 if (is_cryptographic_with_certificate && | 129 if (is_cryptographic_with_certificate && |
| 130 net::IsCertStatusError(visible_security_state.cert_status) && | 130 net::IsCertStatusError(visible_security_state.cert_status) && |
| 131 !net::IsCertStatusMinorError(visible_security_state.cert_status)) { | 131 !net::IsCertStatusMinorError(visible_security_state.cert_status)) { |
| 132 return DANGEROUS; | 132 return DANGEROUS; |
| 133 } | 133 } |
| 134 | 134 |
| 135 // data: URLs don't define a secure context, and are a vector for spoofing. | 135 // data: URLs don't define a secure context, and are a vector for spoofing. |
| 136 // Display a "Not secure" badge for all data URLs, regardless of whether | 136 // Display a "Not secure" badge for all data URLs, regardless of whether |
| 137 // they show a password or credit card field. | 137 // they show a password or credit card field. |
| 138 if (url.SchemeIs(url::kDataScheme)) | 138 if (url.SchemeIs(url::kDataScheme)) |
| 139 return SecurityLevel::HTTP_SHOW_WARNING; | 139 return SecurityLevel::HTTP_SHOW_WARNING; |
| 140 | 140 |
| 141 // Choose the appropriate security level for HTTP requests. | 141 // Choose the appropriate security level for requests to HTTP and remaining |
| 142 // pseudo URLs (blob:, filesystem:). filesystem: is a standard scheme so does |
| 143 // not need to be explicitly listed here. |
| 144 // TODO(meacer): Remove special case for blob (crbug.com/684751). |
| 142 if (!is_cryptographic_with_certificate) { | 145 if (!is_cryptographic_with_certificate) { |
| 143 if (!is_origin_secure_callback.Run(url) && url.IsStandard()) { | 146 if (!is_origin_secure_callback.Run(url) && |
| 147 (url.IsStandard() || url.SchemeIs(url::kBlobScheme))) { |
| 144 return GetSecurityLevelForNonSecureFieldTrial( | 148 return GetSecurityLevelForNonSecureFieldTrial( |
| 145 visible_security_state.displayed_password_field_on_http || | 149 visible_security_state.displayed_password_field_on_http || |
| 146 visible_security_state.displayed_credit_card_field_on_http); | 150 visible_security_state.displayed_credit_card_field_on_http); |
| 147 } | 151 } |
| 148 return NONE; | 152 return NONE; |
| 149 } | 153 } |
| 150 | 154 |
| 151 // Downgrade the security level for active insecure subresources. | 155 // Downgrade the security level for active insecure subresources. |
| 152 if (mixed_content_status == CONTENT_STATUS_RAN || | 156 if (mixed_content_status == CONTENT_STATUS_RAN || |
| 153 mixed_content_status == CONTENT_STATUS_DISPLAYED_AND_RAN || | 157 mixed_content_status == CONTENT_STATUS_DISPLAYED_AND_RAN || |
| 317 other.displayed_content_with_cert_errors && | 321 other.displayed_content_with_cert_errors && |
| 318 ran_content_with_cert_errors == other.ran_content_with_cert_errors && | 322 ran_content_with_cert_errors == other.ran_content_with_cert_errors && |
| 319 pkp_bypassed == other.pkp_bypassed && | 323 pkp_bypassed == other.pkp_bypassed && |
| 320 displayed_password_field_on_http == | 324 displayed_password_field_on_http == |
| 321 other.displayed_password_field_on_http && | 325 other.displayed_password_field_on_http && |
| 322 displayed_credit_card_field_on_http == | 326 displayed_credit_card_field_on_http == |
| 323 other.displayed_credit_card_field_on_http); | 327 other.displayed_credit_card_field_on_http); |
| 324 } | 328 } |
| 325 | 329 |
| 326 } // namespace security_state | 330 } // namespace security_state |
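Review bot: The new `url.SchemeIs(url::kBlobScheme)` arm on new line 147 makes the level shown for every blob: URL depend on what `is_origin_secure_callback.Run(url)` returns for it, and neither the comment nor the visible code says how the callback treats a blob's inner origin. If it resolves the inner origin, `blob:https://…` keeps NONE and only `blob:http://…` is downgraded; if it judges by the outer scheme alone, blobs created by secure pages would also get the HTTP warning. I would state the dependency in the comment, e.g. `// Relies on is_origin_secure_callback evaluating the inner origin of blob: URLs.`, and pin both blob cases in a unit test. The same test should cover a filesystem: URL, because the claim that it "does not need to be explicitly listed" holds only while that scheme stays registered as standard. The enclosing function begins and ends in the skipped regions, so its callers and the callback's implementation are not visible here.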