| Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| index 2cdfed8f5575e1c831273d16757d78c74e333708..682eddbee9d4c10e6fad4dca3c1ea6c124020277 100644
|
| --- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
|
| @@ -51,16 +51,20 @@ namespace blink {
|
|
|
| namespace {
|
|
|
| -// When a frame is local, use its full URL to represent the main resource. When
|
| -// the frame is remote, the full URL isn't accessible, so use the origin. This
|
| -// function is used, for example, to determine the URL to show in console
|
| -// messages about mixed content.
|
| -KURL MainResourceUrlForFrame(Frame* frame) {
|
| - if (frame->IsRemoteFrame()) {
|
| - return KURL(KURL(),
|
| - frame->GetSecurityContext()->GetSecurityOrigin()->ToString());
|
| +// This helper function is used to determine the URL to show for |mixed_frame|
|
| +// in console messages about mixed content. |mixed_frame| is the frame with
|
| +// respect to which content is mixed, and |frame| is the LocalFrame which is
|
| +// loading the resource that triggered mixed content. If the two frames are
|
| +// different, use |mixed_frame|'s origin. This automatically handles the OOPIF
|
| +// cases where mixed_frame might be a RemoteFrame, and is done for consistency
|
| +// even when |mixed_frame| is local.
|
| +KURL MainResourceUrlForMixedFrame(Frame* mixed_frame, LocalFrame* frame) {
|
| + if (mixed_frame != frame) {
|
| + return KURL(
|
| + KURL(),
|
| + mixed_frame->GetSecurityContext()->GetSecurityOrigin()->ToString());
|
| }
|
| - return ToLocalFrame(frame)->GetDocument()->Url();
|
| + return ToLocalFrame(mixed_frame)->GetDocument()->Url();
|
| }
|
|
|
| const char* RequestContextName(WebURLRequest::RequestContext context) {
|
| @@ -408,8 +412,9 @@ bool MixedContentChecker::ShouldBlockFetch(
|
| };
|
|
|
| if (reporting_policy == SecurityViolationReportingPolicy::kReport) {
|
| - LogToConsoleAboutFetch(frame, MainResourceUrlForFrame(mixed_frame), url,
|
| - request_context, allowed, nullptr);
|
| + LogToConsoleAboutFetch(frame,
|
| + MainResourceUrlForMixedFrame(mixed_frame, frame),
|
| + url, request_context, allowed, nullptr);
|
| }
|
| return !allowed;
|
| }
|
| @@ -481,8 +486,8 @@ bool MixedContentChecker::ShouldBlockWebSocket(
|
| client->DidRunInsecureContent(security_origin, url);
|
|
|
| if (reporting_policy == SecurityViolationReportingPolicy::kReport) {
|
| - LogToConsoleAboutWebSocket(frame, MainResourceUrlForFrame(mixed_frame), url,
|
| - allowed);
|
| + LogToConsoleAboutWebSocket(
|
| + frame, MainResourceUrlForMixedFrame(mixed_frame, frame), url, allowed);
|
| }
|
| return !allowed;
|
| }
|
| @@ -514,7 +519,10 @@ bool MixedContentChecker::IsMixedFormAction(
|
| "Mixed Content: The page at '%s' was loaded over a secure connection, "
|
| "but contains a form which targets an insecure endpoint '%s'. This "
|
| "endpoint should be made available over a secure connection.",
|
| - MainResourceUrlForFrame(mixed_frame).ElidedString().Utf8().data(),
|
| + MainResourceUrlForMixedFrame(mixed_frame, frame)
|
| + .ElidedString()
|
| + .Utf8()
|
| + .data(),
|
| url.ElidedString().Utf8().data());
|
| frame->GetDocument()->AddConsoleMessage(ConsoleMessage::Create(
|
| kSecurityMessageSource, kWarningMessageLevel, message));
|
|
|
Chromium Code Reviews
Issue 2900423003:
Use origins instead of URLs in console messages about mixed content.
