| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ | 5 #ifndef COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_ |
| 6 #define COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ | 6 #define COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 #include <memory> | 9 #include <memory> |
| 10 | 10 |
| 11 #include "base/callback.h" | 11 #include "base/callback.h" |
| 12 #include "base/feature_list.h" | 12 #include "base/feature_list.h" |
| 13 #include "base/macros.h" | 13 #include "base/macros.h" |
| 14 #include "net/cert/cert_status_flags.h" | 14 #include "net/cert/cert_status_flags.h" |
| 15 #include "net/cert/sct_status_flags.h" | 15 #include "net/cert/sct_status_flags.h" |
| 16 #include "net/cert/x509_certificate.h" | 16 #include "net/cert/x509_certificate.h" |
| (...skipping 117 matching lines...) | |
| 134 bool pkp_bypassed; | 134 bool pkp_bypassed; |
| 135 // True if the page displayed password field on an HTTP page. | 135 // True if the page displayed password field on an HTTP page. |
| 136 bool displayed_password_field_on_http; | 136 bool displayed_password_field_on_http; |
| 137 // True if the page displayed credit card field on an HTTP page. | 137 // True if the page displayed credit card field on an HTTP page. |
| 138 bool displayed_credit_card_field_on_http; | 138 bool displayed_credit_card_field_on_http; |
| 139 // True if the secure page contained a form with a nonsecure target. | 139 // True if the secure page contained a form with a nonsecure target. |
| 140 bool contained_mixed_form; | 140 bool contained_mixed_form; |
| 141 // True if the server's certificate does not contain a | 141 // True if the server's certificate does not contain a |
| 142 // subjectAltName extension with a domain name or IP address. | 142 // subjectAltName extension with a domain name or IP address. |
| 143 bool cert_missing_subject_alt_name; | 143 bool cert_missing_subject_alt_name; |
| 144 // True if the page was displayed in an Incognito context. | |
| 145 bool is_incognito; | |
|
estark
2017/06/13 22:47:11
optional nit: it might be more useful to have this
elawrence
2017/06/14 17:01:39
This is now |incognito_downgraded_security_level|
| |
| 144 }; | 146 }; |
| 145 | 147 |
| 146 // Contains the security state relevant to computing the SecurityInfo | 148 // Contains the security state relevant to computing the SecurityInfo |
| 147 // for a page. This is the input to GetSecurityInfo(). | 149 // for a page. This is the input to GetSecurityInfo(). |
| 148 struct VisibleSecurityState { | 150 struct VisibleSecurityState { |
| 149 VisibleSecurityState(); | 151 VisibleSecurityState(); |
| 150 ~VisibleSecurityState(); | 152 ~VisibleSecurityState(); |
| 151 bool operator==(const VisibleSecurityState& other) const; | 153 bool operator==(const VisibleSecurityState& other) const; |
| 152 GURL url; | 154 GURL url; |
| 153 | 155 |
| (...skipping 20 matching lines...) | |
| 174 // True if the page displayed passive subresources with certificate errors. | 176 // True if the page displayed passive subresources with certificate errors. |
| 175 bool displayed_content_with_cert_errors; | 177 bool displayed_content_with_cert_errors; |
| 176 // True if the page ran active subresources with certificate errors. | 178 // True if the page ran active subresources with certificate errors. |
| 177 bool ran_content_with_cert_errors; | 179 bool ran_content_with_cert_errors; |
| 178 // True if PKP was bypassed due to a local trust anchor. | 180 // True if PKP was bypassed due to a local trust anchor. |
| 179 bool pkp_bypassed; | 181 bool pkp_bypassed; |
| 180 // True if the page was an HTTP page that displayed a password field. | 182 // True if the page was an HTTP page that displayed a password field. |
| 181 bool displayed_password_field_on_http; | 183 bool displayed_password_field_on_http; |
| 182 // True if the page was an HTTP page that displayed a credit card field. | 184 // True if the page was an HTTP page that displayed a credit card field. |
| 183 bool displayed_credit_card_field_on_http; | 185 bool displayed_credit_card_field_on_http; |
| 186 // True if the page was displayed in an Incognito context. | |
| 187 bool is_incognito; | |
| 184 }; | 188 }; |
| 185 | 189 |
| 186 // These security levels describe the treatment given to pages that | 190 // These security levels describe the treatment given to pages that |
| 187 // display and run mixed content. They are used to coordinate the | 191 // display and run mixed content. They are used to coordinate the |
| 188 // treatment of mixed content with other security UI elements. | 192 // treatment of mixed content with other security UI elements. |
| 189 constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE; | 193 constexpr SecurityLevel kDisplayedInsecureContentLevel = NONE; |
| 190 constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS; | 194 constexpr SecurityLevel kRanInsecureContentLevel = DANGEROUS; |
| 191 | 195 |
| 192 // Returns true if the given |url|'s origin should be considered secure. | 196 // Returns true if the given |url|'s origin should be considered secure. |
| 193 using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>; | 197 using IsOriginSecureCallback = base::Callback<bool(const GURL& url)>; |
| 194 | 198 |
| 195 // Populates |result| to describe the current page. | 199 // Populates |result| to describe the current page. |
| 196 // |visible_security_state| contains the relevant security state. | 200 // |visible_security_state| contains the relevant security state. |
| 197 // |used_policy_installed_certificate| indicates whether the page or request | 201 // |used_policy_installed_certificate| indicates whether the page or request |
| 198 // is known to be loaded with a certificate installed by the system admin. | 202 // is known to be loaded with a certificate installed by the system admin. |
| 199 // |is_origin_secure_callback| determines whether a URL's origin should be | 203 // |is_origin_secure_callback| determines whether a URL's origin should be |
| 200 // considered secure. | 204 // considered secure. |
| 201 void GetSecurityInfo( | 205 void GetSecurityInfo( |
| 202 std::unique_ptr<VisibleSecurityState> visible_security_state, | 206 std::unique_ptr<VisibleSecurityState> visible_security_state, |
| 203 bool used_policy_installed_certificate, | 207 bool used_policy_installed_certificate, |
| 204 IsOriginSecureCallback is_origin_secure_callback, | 208 IsOriginSecureCallback is_origin_secure_callback, |
| 205 SecurityInfo* result); | 209 SecurityInfo* result); |
| 206 | 210 |
| 207 // Returns true if an experimental form warning UI about HTTP passwords | 211 // Returns true if an experimental form warning UI about HTTP passwords |
| 208 // and credit cards is enabled. This warning UI can be enabled with the | 212 // and credit cards is enabled. This warning UI can be enabled with the |
| 209 // |kHttpFormWarningFeature| feature. | 213 // |kHttpFormWarningFeature| feature. |
| 210 bool IsHttpWarningInFormEnabled(); | 214 bool IsHttpWarningInFormEnabled(); |
| 211 | 215 |
| 216 // Returns true if the MarkHttpAs setting indicates that a warning | |
| 217 // should be shown for HTTP pages loaded while in Incognito mode. | |
| 218 bool IsHttpWarningForIncognitoEnabled(); | |
| 219 | |
| 212 } // namespace security_state | 220 } // namespace security_state |
| 213 | 221 |
| 214 #endif // COMPONENTS_SECURITY_STATE_SECURITY_STATE_H_ | 222 #endif // COMPONENTS_SECURITY_STATE_CORE_SECURITY_STATE_H_ |
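Review bot: The new `bool is_incognito;` in VisibleSecurityState (new lines 186-187) has no in-class initializer, and the struct's constructor and `operator==` are only declared here, so this page does not show whether either one covers the field. If the constructor does not set it, the flag is read uninitialized. If the comparison omits it, two states that differ only in Incognito status compare equal, which would presumably leave the HTTP warning level that depends on the flag stale. Please confirm the .cc adds `is_incognito(false)` to the constructor's initializer list and `is_incognito == other.is_incognito` to `operator==`. The copy in SecurityInfo (new lines 144-145) needs the same initialization, and that struct's constructor is also outside the visible lines.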