Chromium Code Reviews Chromium Code Reviews
Issue 2648353005:
Display "Not secure" verbose state for data: URLs (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/security_state/core/security_state.h" | 5 #include "components/security_state/core/security_state.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/metrics/field_trial.h" | 10 #include "base/metrics/field_trial.h" |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 125 bool is_cryptographic_with_certificate = | 125 bool is_cryptographic_with_certificate = |
| 126 (url.SchemeIsCryptographic() && visible_security_state.certificate); | 126 (url.SchemeIsCryptographic() && visible_security_state.certificate); |
| 127 | 127 |
| 128 // Set the security level to DANGEROUS for major certificate errors. | 128 // Set the security level to DANGEROUS for major certificate errors. |
| 129 if (is_cryptographic_with_certificate && | 129 if (is_cryptographic_with_certificate && |
| 130 net::IsCertStatusError(visible_security_state.cert_status) && | 130 net::IsCertStatusError(visible_security_state.cert_status) && |
| 131 !net::IsCertStatusMinorError(visible_security_state.cert_status)) { | 131 !net::IsCertStatusMinorError(visible_security_state.cert_status)) { |
| 132 return DANGEROUS; | 132 return DANGEROUS; |
| 133 } | 133 } |
| 134 | 134 |
| 135 if (url.SchemeIs(url::kDataScheme)) | |
|
estark
2017/01/26 22:46:28
Could you please add a comment here explaining why
meacer
2017/01/26 23:49:24
Done.
| |
| 136 return SecurityLevel::HTTP_SHOW_WARNING; | |
| 137 | |
| 135 // Choose the appropriate security level for HTTP requests. | 138 // Choose the appropriate security level for HTTP requests. |
| 136 if (!is_cryptographic_with_certificate) { | 139 if (!is_cryptographic_with_certificate) { |
| 137 if (!is_origin_secure_callback.Run(url) && url.IsStandard()) { | 140 if (!is_origin_secure_callback.Run(url) && url.IsStandard()) { |
| 138 return GetSecurityLevelForNonSecureFieldTrial( | 141 return GetSecurityLevelForNonSecureFieldTrial( |
| 139 visible_security_state.displayed_password_field_on_http || | 142 visible_security_state.displayed_password_field_on_http || |
| 140 visible_security_state.displayed_credit_card_field_on_http); | 143 visible_security_state.displayed_credit_card_field_on_http); |
| 141 } | 144 } |
| 142 return NONE; | 145 return NONE; |
| 143 } | 146 } |
| 144 | 147 |
| (...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 311 other.displayed_content_with_cert_errors && | 314 other.displayed_content_with_cert_errors && |
| 312 ran_content_with_cert_errors == other.ran_content_with_cert_errors && | 315 ran_content_with_cert_errors == other.ran_content_with_cert_errors && |
| 313 pkp_bypassed == other.pkp_bypassed && | 316 pkp_bypassed == other.pkp_bypassed && |
| 314 displayed_password_field_on_http == | 317 displayed_password_field_on_http == |
| 315 other.displayed_password_field_on_http && | 318 other.displayed_password_field_on_http && |
| 316 displayed_credit_card_field_on_http == | 319 displayed_credit_card_field_on_http == |
| 317 other.displayed_credit_card_field_on_http); | 320 other.displayed_credit_card_field_on_http); |
| 318 } | 321 } |
| 319 | 322 |
| 320 } // namespace security_state | 323 } // namespace security_state |
| OLD | NEW |
