OLD | NEW |
---|---|
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/payments/content/payment_request.h" | 5 #include "components/payments/content/payment_request.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
(...skipping 27 matching lines...) | |
38 | 38 |
39 PaymentRequest::~PaymentRequest() {} | 39 PaymentRequest::~PaymentRequest() {} |
40 | 40 |
41 void PaymentRequest::Init(mojom::PaymentRequestClientPtr client, | 41 void PaymentRequest::Init(mojom::PaymentRequestClientPtr client, |
42 std::vector<mojom::PaymentMethodDataPtr> method_data, | 42 std::vector<mojom::PaymentMethodDataPtr> method_data, |
43 mojom::PaymentDetailsPtr details, | 43 mojom::PaymentDetailsPtr details, |
44 mojom::PaymentOptionsPtr options) { | 44 mojom::PaymentOptionsPtr options) { |
45 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 45 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
46 client_ = std::move(client); | 46 client_ = std::move(client); |
47 | 47 |
48 if (!OriginSecurityChecker::IsOriginSecure( | 48 GURL last_committed_url = delegate_->GetLastCommittedURL(); |
meacer
2017/05/02 21:21:54
nit: const GURL
please use gerrit instead
2017/05/03 20:53:51
Done.
| |
49 delegate_->GetLastCommittedURL())) { | 49 if (!OriginSecurityChecker::IsOriginSecure(last_committed_url)) { |
meacer
2017/05/02 21:21:54
IsOriginSecure returns true for a bunch of schemes
please use gerrit instead
2017/05/03 20:53:51
This check is to verify that the renderer is behav
meacer
2017/05/03 21:08:53
Thanks for the clarification. I didn't notice the
| |
50 LOG(ERROR) << "Not in a secure origin"; | 50 LOG(ERROR) << "Not in a secure origin"; |
51 OnConnectionTerminated(); | 51 OnConnectionTerminated(); |
52 return; | 52 return; |
53 } | 53 } |
54 | 54 |
55 if (OriginSecurityChecker::IsSchemeCryptographic( | 55 bool allowed_origin = |
56 delegate_->GetLastCommittedURL()) && | 56 OriginSecurityChecker::IsSchemeCryptographic(last_committed_url) || |
57 !delegate_->IsSslCertificateValid()) { | 57 OriginSecurityChecker::IsOriginLocalhostOrFile(last_committed_url); |
58 if (!allowed_origin) { | |
59 LOG(ERROR) << "Only localhost, file://, and cryptographic scheme origins " | |
60 "allowed"; | |
61 } | |
62 | |
63 bool invalid_ssl = | |
64 OriginSecurityChecker::IsSchemeCryptographic(last_committed_url) && | |
65 !delegate_->IsSslCertificateValid(); | |
66 if (invalid_ssl) | |
58 LOG(ERROR) << "SSL certificate is not valid"; | 67 LOG(ERROR) << "SSL certificate is not valid"; |
68 | |
69 if (!allowed_origin || invalid_ssl) { | |
59 // Don't show UI. Resolve .canMakepayment() with "false". Reject .show() | 70 // Don't show UI. Resolve .canMakepayment() with "false". Reject .show() |
60 // with "NotSupportedError". | 71 // with "NotSupportedError". |
61 spec_ = base::MakeUnique<PaymentRequestSpec>( | 72 spec_ = base::MakeUnique<PaymentRequestSpec>( |
62 mojom::PaymentOptions::New(), mojom::PaymentDetails::New(), | 73 mojom::PaymentOptions::New(), mojom::PaymentDetails::New(), |
63 std::vector<mojom::PaymentMethodDataPtr>(), this, | 74 std::vector<mojom::PaymentMethodDataPtr>(), this, |
64 delegate_->GetApplicationLocale()); | 75 delegate_->GetApplicationLocale()); |
65 state_ = base::MakeUnique<PaymentRequestState>( | 76 state_ = base::MakeUnique<PaymentRequestState>( |
66 spec_.get(), this, delegate_->GetApplicationLocale(), | 77 spec_.get(), this, delegate_->GetApplicationLocale(), |
67 delegate_->GetPersonalDataManager(), delegate_.get()); | 78 delegate_->GetPersonalDataManager(), delegate_.get()); |
68 return; | 79 return; |
(...skipping 120 matching lines...) | |
189 binding_.Close(); | 200 binding_.Close(); |
190 delegate_->CloseDialog(); | 201 delegate_->CloseDialog(); |
191 manager_->DestroyRequest(this); | 202 manager_->DestroyRequest(this); |
192 } | 203 } |
193 | 204 |
194 void PaymentRequest::Pay() { | 205 void PaymentRequest::Pay() { |
195 state_->GeneratePaymentResponse(); | 206 state_->GeneratePaymentResponse(); |
196 } | 207 } |
197 | 208 |
198 } // namespace payments | 209 } // namespace payments |
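Review bot: `OriginSecurityChecker::IsSchemeCryptographic(last_committed_url)` is evaluated twice in the new part of `PaymentRequest::Init` (new lines 56 and 64), so the allowlist decision and the certificate decision can drift apart if only one call is edited later. Compute it once, e.g. `const bool is_cryptographic = OriginSecurityChecker::IsSchemeCryptographic(last_committed_url);`, and derive both `allowed_origin` and `invalid_ssl` from it. The resulting policy is also easy to misread, so a comment above `allowed_origin` would help, such as `// Non-cryptographic origins are accepted only for localhost and file://; cryptographic origins must also have a valid certificate.` The two new `if` statements that only log differ in brace style (new lines 58-61 versus 66-67), and no test for the rejected-origin path is visible on this page. The body of `Init` continues in the skipped lines after new line 79.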