Chromium Code Reviews Chromium Code Reviews
Issue 2745363004:
PlzNavigate: send SourceLocation when mixed content is found (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 214 // No mixed content, no problem. | 214 // No mixed content, no problem. |
| 215 return nullptr; | 215 return nullptr; |
| 216 } | 216 } |
| 217 | 217 |
| 218 // static | 218 // static |
| 219 void MixedContentChecker::logToConsoleAboutFetch( | 219 void MixedContentChecker::logToConsoleAboutFetch( |
| 220 LocalFrame* frame, | 220 LocalFrame* frame, |
| 221 const KURL& mainResourceUrl, | 221 const KURL& mainResourceUrl, |
| 222 const KURL& url, | 222 const KURL& url, |
| 223 WebURLRequest::RequestContext requestContext, | 223 WebURLRequest::RequestContext requestContext, |
| 224 bool allowed) { | 224 bool allowed, |
| 225 std::unique_ptr<SourceLocation> sourceLocation) { | |
| 225 String message = String::format( | 226 String message = String::format( |
| 226 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an " | 227 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an " |
| 227 "insecure %s '%s'. %s", | 228 "insecure %s '%s'. %s", |
| 228 mainResourceUrl.elidedString().utf8().data(), | 229 mainResourceUrl.elidedString().utf8().data(), |
| 229 requestContextName(requestContext), url.elidedString().utf8().data(), | 230 requestContextName(requestContext), url.elidedString().utf8().data(), |
| 230 allowed ? "This content should also be served over HTTPS." | 231 allowed ? "This content should also be served over HTTPS." |
| 231 : "This request has been blocked; the content must be served " | 232 : "This request has been blocked; the content must be served " |
| 232 "over HTTPS."); | 233 "over HTTPS."); |
| 233 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel; | 234 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel; |
| 234 frame->document()->addConsoleMessage( | 235 if (!sourceLocation) { |
|
Nate Chapin
2017/03/16 19:54:12
Nit: invert this if() so it doesn't have the '!',
clamy
2017/03/17 13:17:34
Done.
| |
| 235 ConsoleMessage::create(SecurityMessageSource, messageLevel, message)); | 236 frame->document()->addConsoleMessage( |
| 237 ConsoleMessage::create(SecurityMessageSource, messageLevel, message)); | |
| 238 } else { | |
| 239 frame->document()->addConsoleMessage( | |
| 240 ConsoleMessage::create(SecurityMessageSource, messageLevel, message, | |
| 241 std::move(sourceLocation))); | |
| 242 } | |
| 236 } | 243 } |
| 237 | 244 |
| 238 // static | 245 // static |
| 239 void MixedContentChecker::count(Frame* frame, | 246 void MixedContentChecker::count(Frame* frame, |
| 240 WebURLRequest::RequestContext requestContext) { | 247 WebURLRequest::RequestContext requestContext) { |
| 241 UseCounter::count(frame, UseCounter::MixedContentPresent); | 248 UseCounter::count(frame, UseCounter::MixedContentPresent); |
| 242 | 249 |
| 243 // Roll blockable content up into a single counter, count unblocked types | 250 // Roll blockable content up into a single counter, count unblocked types |
| 244 // individually so we can determine when they can be safely moved to the | 251 // individually so we can determine when they can be safely moved to the |
| 245 // blockable category: | 252 // blockable category: |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 389 if (allowed) | 396 if (allowed) |
| 390 client->didDisplayInsecureContent(); | 397 client->didDisplayInsecureContent(); |
| 391 break; | 398 break; |
| 392 case WebMixedContentContextType::NotMixedContent: | 399 case WebMixedContentContextType::NotMixedContent: |
| 393 NOTREACHED(); | 400 NOTREACHED(); |
| 394 break; | 401 break; |
| 395 }; | 402 }; |
| 396 | 403 |
| 397 if (reportingPolicy == SecurityViolationReportingPolicy::Report) { | 404 if (reportingPolicy == SecurityViolationReportingPolicy::Report) { |
| 398 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, | 405 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, |
| 399 requestContext, allowed); | 406 requestContext, allowed, nullptr); |
| 400 } | 407 } |
| 401 return !allowed; | 408 return !allowed; |
| 402 } | 409 } |
| 403 | 410 |
| 404 // static | 411 // static |
| 405 void MixedContentChecker::logToConsoleAboutWebSocket( | 412 void MixedContentChecker::logToConsoleAboutWebSocket( |
| 406 LocalFrame* frame, | 413 LocalFrame* frame, |
| 407 const KURL& mainResourceUrl, | 414 const KURL& mainResourceUrl, |
| 408 const KURL& url, | 415 const KURL& url, |
| 409 bool allowed) { | 416 bool allowed) { |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 571 } | 578 } |
| 572 } | 579 } |
| 573 | 580 |
| 574 // static | 581 // static |
| 575 void MixedContentChecker::mixedContentFound( | 582 void MixedContentChecker::mixedContentFound( |
| 576 LocalFrame* frame, | 583 LocalFrame* frame, |
| 577 const KURL& mainResourceUrl, | 584 const KURL& mainResourceUrl, |
| 578 const KURL& mixedContentUrl, | 585 const KURL& mixedContentUrl, |
| 579 WebURLRequest::RequestContext requestContext, | 586 WebURLRequest::RequestContext requestContext, |
| 580 bool wasAllowed, | 587 bool wasAllowed, |
| 581 bool hadRedirect) { | 588 bool hadRedirect, |
| 589 std::unique_ptr<SourceLocation> sourceLocation) { | |
| 582 // Logs to the frame console. | 590 // Logs to the frame console. |
| 583 logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl, | 591 logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl, |
| 584 requestContext, wasAllowed); | 592 requestContext, wasAllowed, std::move(sourceLocation)); |
| 585 // Reports to the CSP policy. | 593 // Reports to the CSP policy. |
| 586 ContentSecurityPolicy* policy = | 594 ContentSecurityPolicy* policy = |
| 587 frame->securityContext()->contentSecurityPolicy(); | 595 frame->securityContext()->contentSecurityPolicy(); |
| 588 if (policy) { | 596 if (policy) { |
| 589 policy->reportMixedContent( | 597 policy->reportMixedContent( |
| 590 mixedContentUrl, hadRedirect | 598 mixedContentUrl, hadRedirect |
| 591 ? ResourceRequest::RedirectStatus::FollowedRedirect | 599 ? ResourceRequest::RedirectStatus::FollowedRedirect |
| 592 : ResourceRequest::RedirectStatus::NoRedirect); | 600 : ResourceRequest::RedirectStatus::NoRedirect); |
| 593 } | 601 } |
| 594 } | 602 } |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 613 } | 621 } |
| 614 | 622 |
| 615 bool strictMixedContentCheckingForPlugin = | 623 bool strictMixedContentCheckingForPlugin = |
| 616 mixedFrame->settings() && | 624 mixedFrame->settings() && |
| 617 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin(); | 625 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin(); |
| 618 return WebMixedContent::contextTypeFromRequestContext( | 626 return WebMixedContent::contextTypeFromRequestContext( |
| 619 request.requestContext(), strictMixedContentCheckingForPlugin); | 627 request.requestContext(), strictMixedContentCheckingForPlugin); |
| 620 } | 628 } |
| 621 | 629 |
| 622 } // namespace blink | 630 } // namespace blink |
| OLD | NEW |
