
Side by Side Diff: chrome/browser/ssl/security_state_tab_helper.cc

Issue 2917873004: Implement 'Not secure' warning for non-secure pages in Incognito mode (Closed)
Patch Set: Move console log to Navigation completion Created 3 years, 6 months ago
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/ssl/security_state_tab_helper.h" 5 #include "chrome/browser/ssl/security_state_tab_helper.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/metrics/histogram_macros.h" 8 #include "base/metrics/histogram_macros.h"
9 #include "base/time/time.h" 9 #include "base/time/time.h"
10 #include "build/build_config.h" 10 #include "build/build_config.h"
11 #include "chrome/browser/browser_process.h" 11 #include "chrome/browser/browser_process.h"
12 #include "chrome/browser/profiles/profile.h" 12 #include "chrome/browser/profiles/profile.h"
13 #include "chrome/browser/safe_browsing/safe_browsing_service.h" 13 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
14 #include "chrome/browser/safe_browsing/ui_manager.h" 14 #include "chrome/browser/safe_browsing/ui_manager.h"
15 #include "components/prefs/pref_service.h" 15 #include "components/prefs/pref_service.h"
16 #include "components/security_state/content/content_utils.h" 16 #include "components/security_state/content/content_utils.h"
17 #include "components/ssl_config/ssl_config_prefs.h" 17 #include "components/ssl_config/ssl_config_prefs.h"
18 #include "content/public/browser/browser_context.h"
18 #include "content/public/browser/navigation_entry.h" 19 #include "content/public/browser/navigation_entry.h"
19 #include "content/public/browser/navigation_handle.h" 20 #include "content/public/browser/navigation_handle.h"
20 #include "content/public/browser/render_frame_host.h" 21 #include "content/public/browser/render_frame_host.h"
21 #include "content/public/browser/web_contents.h" 22 #include "content/public/browser/web_contents.h"
22 #include "content/public/common/origin_util.h" 23 #include "content/public/common/origin_util.h"
23 #include "net/base/net_errors.h" 24 #include "net/base/net_errors.h"
24 #include "net/cert/x509_certificate.h" 25 #include "net/cert/x509_certificate.h"
25 #include "net/ssl/ssl_cipher_suite_names.h" 26 #include "net/ssl/ssl_cipher_suite_names.h"
26 #include "net/ssl/ssl_connection_status_flags.h" 27 #include "net/ssl/ssl_connection_status_flags.h"
27 #include "third_party/boringssl/src/include/openssl/ssl.h" 28 #include "third_party/boringssl/src/include/openssl/ssl.h"
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 // After recording the histogram, clear the time of the warning. A 108 // After recording the histogram, clear the time of the warning. A
108 // timing histogram will not be recorded again on this page, because 109 // timing histogram will not be recorded again on this page, because
109 // the time is only set the first time the HTTP-bad warning is shown 110 // the time is only set the first time the HTTP-bad warning is shown
110 // per page. 111 // per page.
111 time_of_http_warning_on_current_navigation_ = base::Time(); 112 time_of_http_warning_on_current_navigation_ = base::Time();
112 } 113 }
113 114
114 void SecurityStateTabHelper::DidFinishNavigation( 115 void SecurityStateTabHelper::DidFinishNavigation(
115 content::NavigationHandle* navigation_handle) { 116 content::NavigationHandle* navigation_handle) {
116 if (navigation_handle->IsInMainFrame() && 117 if (navigation_handle->IsInMainFrame() &&
117 !navigation_handle->IsSameDocument()) { 118 !navigation_handle->IsSameDocument()) {
estark 2017/06/09 05:09:38 I think this needs a `&& navigation_handle->HasCom
elawrence 2017/06/13 15:31:35 Done and test added. The console clears when a na
118 // Only reset the console message flag for main-frame navigations, 119 // Only reset the console message flag for main-frame navigations,
119 // and not for same-document navigations like reference fragments and 120 // and not for same-document navigations like reference fragments and
120 // pushState. 121 // pushState.
121 logged_http_warning_on_current_navigation_ = false; 122 logged_http_warning_on_current_navigation_ = false;
123
124 security_state::SecurityInfo security_info;
125 GetSecurityInfo(&security_info);
126 if (security_info.is_incognito &&
127 security_info.security_level == security_state::HTTP_SHOW_WARNING) {
128 web_contents()->GetMainFrame()->AddMessageToConsole(
129 content::CONSOLE_MESSAGE_LEVEL_WARNING,
130 "This page was loaded non-securely in an incognito mode browser. A "
131 "warning has been added to the URL bar. For more information, see "
132 "https://goo.gl/y8SRRv.");
133 }
122 } 134 }
123 } 135 }
124 136
125 void SecurityStateTabHelper::WebContentsDestroyed() { 137 void SecurityStateTabHelper::WebContentsDestroyed() {
126 if (time_of_http_warning_on_current_navigation_.is_null()) { 138 if (time_of_http_warning_on_current_navigation_.is_null()) {
127 return; 139 return;
128 } 140 }
129 // Record how quickly the tab is closed after a user encounters an 141 // Record how quickly the tab is closed after a user encounters an
130 // HTTP-bad warning. This histogram will only be recorded if the 142 // HTTP-bad warning. This histogram will only be recorded if the
131 // WebContents is destroyed before another navigation begins. 143 // WebContents is destroyed before another navigation begins.
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
192 } 204 }
193 205
194 std::unique_ptr<security_state::VisibleSecurityState> 206 std::unique_ptr<security_state::VisibleSecurityState>
195 SecurityStateTabHelper::GetVisibleSecurityState() const { 207 SecurityStateTabHelper::GetVisibleSecurityState() const {
196 auto state = security_state::GetVisibleSecurityState(web_contents()); 208 auto state = security_state::GetVisibleSecurityState(web_contents());
197 209
198 // Malware status might already be known even if connection security 210 // Malware status might already be known even if connection security
199 // information is still being initialized, thus no need to check for that. 211 // information is still being initialized, thus no need to check for that.
200 state->malicious_content_status = GetMaliciousContentStatus(); 212 state->malicious_content_status = GetMaliciousContentStatus();
201 213
214 if (!state->certificate &&
estark 2017/06/09 05:09:37 Curious why check the certificate here? You could
elawrence 2017/06/13 15:31:35 It was intended as a simple optimization to avoid
215 security_state::IsHttpWarningForIncognitoEnabled()) {
estark 2017/06/09 05:09:38 IIRC, the reason for checking the field trial here
elawrence 2017/06/13 15:31:35 The is_incognito flag now does what it says on the
216 content::BrowserContext* context = web_contents()->GetBrowserContext();
217 if (context->IsOffTheRecord() &&
218 !Profile::FromBrowserContext(context)->IsGuestSession()) {
estark 2017/06/09 05:09:38 If it's not too hard, could you add a test that th
elawrence 2017/06/13 15:31:35 Added SecurityStateTabHelperTest.SecurityLevelNotD
219 state->is_incognito = true;
220 }
221 }
202 return state; 222 return state;
203 } 223 }
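Review bot: The off-the-record check in GetVisibleSecurityState (new lines 217-218) excludes Guest sessions without saying why, so a later reader could reduce it to `IsOffTheRecord()` alone and start marking Guest windows as incognito. The condition implies Guest profiles also report as off-the-record, and a one-line comment above the `if` would pin that intent, e.g. `// Guest profiles are off-the-record too; the warning is scoped to Incognito windows only.` Separately, the console string added in DidFinishNavigation (new lines 130-132) points to a shortened URL. The developer reading the warning cannot see where it leads, and the link depends on the shortener staying available. A full URL on a project-controlled domain would be easier to verify from a security message.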