| Index: chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
|
| diff --git a/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java b/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
|
| index 3a39415c32078db28fa571d0bed43ecdf84b25b0..a139f8f886af981c9fd34529a308dda410518303 100644
|
| --- a/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
|
| +++ b/chrome/android/java/src/org/chromium/chrome/browser/payments/PaymentRequestImpl.java
|
| @@ -45,6 +45,7 @@ import org.chromium.chrome.browser.tabmodel.TabModelObserver;
|
| import org.chromium.chrome.browser.tabmodel.TabModelSelector;
|
| import org.chromium.chrome.browser.tabmodel.TabModelSelectorObserver;
|
| import org.chromium.components.payments.CurrencyFormatter;
|
| +import org.chromium.components.payments.OriginSecurityChecker;
|
| import org.chromium.components.payments.PaymentValidator;
|
| import org.chromium.components.url_formatter.UrlFormatter;
|
| import org.chromium.content_public.browser.RenderFrameHost;
|
| @@ -405,6 +406,31 @@ public class PaymentRequestImpl
|
| if (mClient != null || client == null) return;
|
| mClient = client;
|
|
|
| + if (!OriginSecurityChecker.isSecureOrigin(mWebContents.getLastCommittedUrl())) {
|
| + recordAbortReasonHistogram(
|
| + PaymentRequestMetrics.ABORT_REASON_INVALID_DATA_FROM_RENDERER);
|
| + disconnectFromClientWithDebugMessage("Not in a secure context");
|
| + return;
|
| + }
|
| +
|
| + mRequestShipping = options != null && options.requestShipping;
|
| + mRequestPayerName = options != null && options.requestPayerName;
|
| + mRequestPayerPhone = options != null && options.requestPayerPhone;
|
| + mRequestPayerEmail = options != null && options.requestPayerEmail;
|
| + mShippingType = options == null ? PaymentShippingType.SHIPPING : options.shippingType;
|
| +
|
| + PaymentRequestMetrics.recordRequestedInformationHistogram(
|
| + mRequestPayerEmail, mRequestPayerPhone, mRequestShipping, mRequestPayerName);
|
| +
|
| + if (OriginSecurityChecker.isCryptographicScheme(mWebContents.getLastCommittedUrl())
|
| + && !SslValidityChecker.isValidSslCertificate(mWebContents)) {
|
| + Log.d(TAG, "SSL certificate is not valid");
|
| + // Don't show any UI. Resolve .canMakePayment() with "false". Reject .show() with
|
| + // "NotSupportedError".
|
| + onAllPaymentAppsCreated();
|
| + return;
|
| + }
|
| +
|
| if (mMethodData != null) {
|
| disconnectFromClientWithDebugMessage("PaymentRequest.show() called more than once.");
|
| recordAbortReasonHistogram(
|
| @@ -432,12 +458,6 @@ public class PaymentRequestImpl
|
| PaymentAppFactory.getInstance().create(mWebContents,
|
| Collections.unmodifiableSet(mMethodData.keySet()), this /* callback */);
|
|
|
| - mRequestShipping = options != null && options.requestShipping;
|
| - mRequestPayerName = options != null && options.requestPayerName;
|
| - mRequestPayerPhone = options != null && options.requestPayerPhone;
|
| - mRequestPayerEmail = options != null && options.requestPayerEmail;
|
| - mShippingType = options == null ? PaymentShippingType.SHIPPING : options.shippingType;
|
| -
|
| // If there is a single payment method and the merchant has not requested any other
|
| // information, we can safely go directly to the payment app instead of showing
|
| // Payment Request UI.
|
| @@ -450,9 +470,6 @@ public class PaymentRequestImpl
|
| // the payment request UI, thus can't be skipped.
|
| && mMethodData.keySet().iterator().next() != null
|
| && mMethodData.keySet().iterator().next().startsWith(UrlConstants.HTTPS_URL_PREFIX);
|
| -
|
| - PaymentRequestMetrics.recordRequestedInformationHistogram(mRequestPayerEmail,
|
| - mRequestPayerPhone, mRequestShipping, mRequestPayerName);
|
| }
|
|
|
| private void buildUI(Activity activity) {
|
|
|
Chromium Code Reviews
Issue 2815763002:
Prevent usage of web payments API over insecure HTTPS. (Closed)
