| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 214 // No mixed content, no problem. | 214 // No mixed content, no problem. |
| 215 return nullptr; | 215 return nullptr; |
| 216 } | 216 } |
| 217 | 217 |
| 218 // static | 218 // static |
| 219 void MixedContentChecker::logToConsoleAboutFetch( | 219 void MixedContentChecker::logToConsoleAboutFetch( |
| 220 LocalFrame* frame, | 220 LocalFrame* frame, |
| 221 const KURL& mainResourceUrl, | 221 const KURL& mainResourceUrl, |
| 222 const KURL& url, | 222 const KURL& url, |
| 223 WebURLRequest::RequestContext requestContext, | 223 WebURLRequest::RequestContext requestContext, |
| 224 bool allowed, | 224 bool allowed) { |
| 225 std::unique_ptr<SourceLocation> sourceLocation) { | |
| 226 String message = String::format( | 225 String message = String::format( |
| 227 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an " | 226 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an " |
| 228 "insecure %s '%s'. %s", | 227 "insecure %s '%s'. %s", |
| 229 mainResourceUrl.elidedString().utf8().data(), | 228 mainResourceUrl.elidedString().utf8().data(), |
| 230 requestContextName(requestContext), url.elidedString().utf8().data(), | 229 requestContextName(requestContext), url.elidedString().utf8().data(), |
| 231 allowed ? "This content should also be served over HTTPS." | 230 allowed ? "This content should also be served over HTTPS." |
| 232 : "This request has been blocked; the content must be served " | 231 : "This request has been blocked; the content must be served " |
| 233 "over HTTPS."); | 232 "over HTTPS."); |
| 234 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel; | 233 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel; |
| 235 if (sourceLocation) { | 234 frame->document()->addConsoleMessage( |
| 236 frame->document()->addConsoleMessage( | 235 ConsoleMessage::create(SecurityMessageSource, messageLevel, message)); |
| 237 ConsoleMessage::create(SecurityMessageSource, messageLevel, message, | |
| 238 std::move(sourceLocation))); | |
| 239 } else { | |
| 240 frame->document()->addConsoleMessage( | |
| 241 ConsoleMessage::create(SecurityMessageSource, messageLevel, message)); | |
| 242 } | |
| 243 } | 236 } |
| 244 | 237 |
| 245 // static | 238 // static |
| 246 void MixedContentChecker::count(Frame* frame, | 239 void MixedContentChecker::count(Frame* frame, |
| 247 WebURLRequest::RequestContext requestContext) { | 240 WebURLRequest::RequestContext requestContext) { |
| 248 UseCounter::count(frame, UseCounter::MixedContentPresent); | 241 UseCounter::count(frame, UseCounter::MixedContentPresent); |
| 249 | 242 |
| 250 // Roll blockable content up into a single counter, count unblocked types | 243 // Roll blockable content up into a single counter, count unblocked types |
| 251 // individually so we can determine when they can be safely moved to the | 244 // individually so we can determine when they can be safely moved to the |
| 252 // blockable category: | 245 // blockable category: |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 396 if (allowed) | 389 if (allowed) |
| 397 client->didDisplayInsecureContent(); | 390 client->didDisplayInsecureContent(); |
| 398 break; | 391 break; |
| 399 case WebMixedContentContextType::NotMixedContent: | 392 case WebMixedContentContextType::NotMixedContent: |
| 400 NOTREACHED(); | 393 NOTREACHED(); |
| 401 break; | 394 break; |
| 402 }; | 395 }; |
| 403 | 396 |
| 404 if (reportingPolicy == SecurityViolationReportingPolicy::Report) { | 397 if (reportingPolicy == SecurityViolationReportingPolicy::Report) { |
| 405 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, | 398 logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, |
| 406 requestContext, allowed, nullptr); | 399 requestContext, allowed); |
| 407 } | 400 } |
| 408 return !allowed; | 401 return !allowed; |
| 409 } | 402 } |
| 410 | 403 |
| 411 // static | 404 // static |
| 412 void MixedContentChecker::logToConsoleAboutWebSocket( | 405 void MixedContentChecker::logToConsoleAboutWebSocket( |
| 413 LocalFrame* frame, | 406 LocalFrame* frame, |
| 414 const KURL& mainResourceUrl, | 407 const KURL& mainResourceUrl, |
| 415 const KURL& url, | 408 const KURL& url, |
| 416 bool allowed) { | 409 bool allowed) { |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 578 } | 571 } |
| 579 } | 572 } |
| 580 | 573 |
| 581 // static | 574 // static |
| 582 void MixedContentChecker::mixedContentFound( | 575 void MixedContentChecker::mixedContentFound( |
| 583 LocalFrame* frame, | 576 LocalFrame* frame, |
| 584 const KURL& mainResourceUrl, | 577 const KURL& mainResourceUrl, |
| 585 const KURL& mixedContentUrl, | 578 const KURL& mixedContentUrl, |
| 586 WebURLRequest::RequestContext requestContext, | 579 WebURLRequest::RequestContext requestContext, |
| 587 bool wasAllowed, | 580 bool wasAllowed, |
| 588 bool hadRedirect, | 581 bool hadRedirect) { |
| 589 std::unique_ptr<SourceLocation> sourceLocation) { | |
| 590 // Logs to the frame console. | 582 // Logs to the frame console. |
| 591 logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl, | 583 logToConsoleAboutFetch(frame, mainResourceUrl, mixedContentUrl, |
| 592 requestContext, wasAllowed, std::move(sourceLocation)); | 584 requestContext, wasAllowed); |
| 593 // Reports to the CSP policy. | 585 // Reports to the CSP policy. |
| 594 ContentSecurityPolicy* policy = | 586 ContentSecurityPolicy* policy = |
| 595 frame->securityContext()->contentSecurityPolicy(); | 587 frame->securityContext()->contentSecurityPolicy(); |
| 596 if (policy) { | 588 if (policy) { |
| 597 policy->reportMixedContent( | 589 policy->reportMixedContent( |
| 598 mixedContentUrl, hadRedirect | 590 mixedContentUrl, hadRedirect |
| 599 ? ResourceRequest::RedirectStatus::FollowedRedirect | 591 ? ResourceRequest::RedirectStatus::FollowedRedirect |
| 600 : ResourceRequest::RedirectStatus::NoRedirect); | 592 : ResourceRequest::RedirectStatus::NoRedirect); |
| 601 } | 593 } |
| 602 } | 594 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 621 } | 613 } |
| 622 | 614 |
| 623 bool strictMixedContentCheckingForPlugin = | 615 bool strictMixedContentCheckingForPlugin = |
| 624 mixedFrame->settings() && | 616 mixedFrame->settings() && |
| 625 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin(); | 617 mixedFrame->settings()->getStrictMixedContentCheckingForPlugin(); |
| 626 return WebMixedContent::contextTypeFromRequestContext( | 618 return WebMixedContent::contextTypeFromRequestContext( |
| 627 request.requestContext(), strictMixedContentCheckingForPlugin); | 619 request.requestContext(), strictMixedContentCheckingForPlugin); |
| 628 } | 620 } |
| 629 | 621 |
| 630 } // namespace blink | 622 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2765643002:
Revert of PlzNavigate: send SourceLocation when mixed content is found (Closed)
