components/security_state/core/security_state.cc - Issue 2643083003: Show form not secure warnings for blob and filesystem URLs. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(255)

My Issues | Starred Open | Closed | All

Unified Diff: components/security_state/core/security_state.cc

Issue 2643083003: Show form not secure warnings for blob and filesystem URLs. (Closed)

Patch Set: Fix tests Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('k') | components/security_state/core/security_state_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/security_state/core/security_state.cc

diff --git a/components/security_state/core/security_state.cc b/components/security_state/core/security_state.cc

index 64274e0f55d06a36ad44f189d8fc02aded207e14..36ac2a7ef237d31b6b2c99270d8b5a9c85031210 100644

--- a/components/security_state/core/security_state.cc

+++ b/components/security_state/core/security_state.cc

@@ -120,9 +120,9 @@ SecurityLevel GetSecurityLevelForRequest(

return DANGEROUS;

}

- GURL url = visible_security_state.url;

+ const GURL url = visible_security_state.url;

- bool is_cryptographic_with_certificate =

+ const bool is_cryptographic_with_certificate =

(url.SchemeIsCryptographic() && visible_security_state.certificate);

// Set the security level to DANGEROUS for major certificate errors.

@@ -138,9 +138,13 @@ SecurityLevel GetSecurityLevelForRequest(

if (url.SchemeIs(url::kDataScheme))

return SecurityLevel::HTTP_SHOW_WARNING;

- // Choose the appropriate security level for HTTP requests.

+ // Choose the appropriate security level for requests to HTTP and remaining

+ // pseudo URLs (blob:, filesystem:). filesystem: is a standard scheme so does

+ // not need to be explicitly listed here.

+ // TODO(meacer): Remove special case for blob (crbug.com/684751).

if (!is_cryptographic_with_certificate) {

- if (!is_origin_secure_callback.Run(url) && url.IsStandard()) {

+ if (!is_origin_secure_callback.Run(url) &&

+ (url.IsStandard() || url.SchemeIs(url::kBlobScheme))) {

return GetSecurityLevelForNonSecureFieldTrial(

visible_security_state.displayed_password_field_on_http ||

visible_security_state.displayed_credit_card_field_on_http);

« no previous file with comments | « chrome/browser/ssl/security_state_tab_helper_browser_tests.cc ('k') | components/security_state/core/security_state_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698