Unified Diff: components/security_state/core/security_state.cc

Issue 2917873004: Implement 'Not secure' warning for non-secure pages in Incognito mode (Closed)
Patch Set: Remove obsolete includes Created 3 years, 6 months ago
Index: components/security_state/core/security_state.cc
diff --git a/components/security_state/core/security_state.cc b/components/security_state/core/security_state.cc
index a958bf3df8a3d3de16ad86597886f69893e8c7dc..145637433e658a4e7c70f04fdd2eab27ac938b6f 100644
--- a/components/security_state/core/security_state.cc
+++ b/components/security_state/core/security_state.cc
@@ -5,6 +5,7 @@
#include "components/security_state/core/security_state.h"
#include <stdint.h>
+#include <string>
#include "base/command_line.h"
#include "base/metrics/field_trial.h"
@@ -30,22 +31,42 @@ enum MarkHttpStatus {
};
// If |switch_or_field_trial_group| corresponds to a valid
-// MarkHttpAs group, sets |*level| and |*histogram_status| to the
+// MarkHttpAs setting, sets |*level| and |*histogram_status| to the
// appropriate values and returns true. Otherwise, returns false.
bool GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
std::string switch_or_field_trial_group,
bool displayed_sensitive_input_on_http,
+ bool is_incognito,
SecurityLevel* level,
MarkHttpStatus* histogram_status) {
- if (switch_or_field_trial_group != switches::kMarkHttpAsDangerous)
- return false;
- *level = DANGEROUS;
- *histogram_status = NON_SECURE;
- return true;
+ if (switch_or_field_trial_group ==
+ switches::kMarkHttpAsNonSecureWhileIncognito) {
+ *histogram_status = NON_SECURE_WHILE_INCOGNITO;
+ *level = (is_incognito || displayed_sensitive_input_on_http)
+ ? security_state::HTTP_SHOW_WARNING
+ : NONE;
+ return true;
+ }
+ if (switch_or_field_trial_group ==
+ switches::kMarkHttpAsNonSecureWhileIncognitoOrEditing) {
+ *histogram_status = NON_SECURE_WHILE_INCOGNITO_OR_EDITING;
+ *level = (is_incognito || displayed_sensitive_input_on_http)
+ ? security_state::HTTP_SHOW_WARNING
+ : NONE;
+ return true;
+ }
+ if (switch_or_field_trial_group == switches::kMarkHttpAsDangerous) {
+ *histogram_status = NON_SECURE;
+ *level = DANGEROUS;
+ return true;
+ }
+
+ return false;
}
SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
- bool displayed_sensitive_input_on_http) {
+ bool displayed_sensitive_input_on_http,
+ bool is_incognito) {
std::string choice =
base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
switches::kMarkHttpAs);
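Review bot: The `kMarkHttpAsNonSecureWhileIncognito` and `kMarkHttpAsNonSecureWhileIncognitoOrEditing` branches at the top of GetSecurityLevelAndHistogramValueForNonSecureFieldTrial compute `*level` with the identical expression `(is_incognito || displayed_sensitive_input_on_http) ? security_state::HTTP_SHOW_WARNING : NONE`, so the two settings differ only in their histogram bucket, and the name `WhileIncognito` suggests the sensitive-input term should be absent from the first. If that is deliberate, presumably because the sensitive-field warning is the baseline every setting keeps (the fallback later in GetSecurityLevelForNonSecureFieldTrial applies it unconditionally), record it with a comment such as `// Both incognito settings keep the baseline warning on sensitive input fields; they differ only in the histogram bucket.` and collapse the two blocks into a single test of either constant with a conditional `*histogram_status`. If it is not deliberate, the `WhileIncognito` branch should use `is_incognito` alone, since the current code makes the two groups indistinguishable to users. GetSecurityLevelForNonSecureFieldTrial's body continues past the end of this hunk.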
@@ -59,9 +80,11 @@ SecurityLevel GetSecurityLevelForNonSecureFieldTrial(
// If the command-line switch is set, then it takes precedence over
// the field trial group.
if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
- choice, displayed_sensitive_input_on_http, &level, &status)) {
+ choice, displayed_sensitive_input_on_http, is_incognito, &level,
+ &status)) {
if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
- group, displayed_sensitive_input_on_http, &level, &status)) {
+ group, displayed_sensitive_input_on_http, is_incognito, &level,
+ &status)) {
status = HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS;
level = displayed_sensitive_input_on_http
? security_state::HTTP_SHOW_WARNING
@@ -128,7 +151,8 @@ SecurityLevel GetSecurityLevelForRequest(
(url.IsStandard() || url.SchemeIs(url::kBlobScheme))) {
return GetSecurityLevelForNonSecureFieldTrial(
visible_security_state.displayed_password_field_on_http ||
- visible_security_state.displayed_credit_card_field_on_http);
+ visible_security_state.displayed_credit_card_field_on_http,
+ visible_security_state.is_incognito);
}
return NONE;
}
@@ -238,10 +262,37 @@ void SecurityInfoForRequest(
is_origin_secure_callback, security_info->sha1_in_chain,
security_info->mixed_content_status,
security_info->content_with_cert_errors_status);
+
+ security_info->incognito_downgraded_security_level =
+ (visible_security_state.is_incognito &&
+ security_info->security_level == HTTP_SHOW_WARNING &&
+ security_state::IsHttpWarningForIncognitoEnabled());
}
} // namespace
+bool IsHttpWarningForIncognitoEnabled() {
+ std::string choice =
+ base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
+ switches::kMarkHttpAs);
+ std::string group = base::FieldTrialList::FindFullName("MarkNonSecureAs");
+ SecurityLevel level = NONE;
+ MarkHttpStatus status;
+
+ // If the command-line switch is set, then it takes precedence over
+ // the field trial group.
+ if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
+ choice, false, true, &level, &status)) {
+ if (!GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
+ group, false, true, &level, &status)) {
+ return false;
+ }
+ }
+
+ return (status == NON_SECURE_WHILE_INCOGNITO ||
+ status == NON_SECURE_WHILE_INCOGNITO_OR_EDITING);
+}
+
const base::Feature kHttpFormWarningFeature{"HttpFormWarning",
base::FEATURE_DISABLED_BY_DEFAULT};
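Review bot: The new IsHttpWarningForIncognitoEnabled() re-implements the switch-then-field-trial resolution that GetSecurityLevelForNonSecureFieldTrial already performs (command-line lookup of `switches::kMarkHttpAs`, the `FindFullName("MarkNonSecureAs")` lookup, and the two-step precedence), so the two paths can silently diverge if one is edited; the `group` used by the earlier function is declared outside the visible hunk, so I am assuming it is the same lookup. Factoring the resolution into one helper in the anonymous namespace keeps the security-level decision and the incognito downgrade flag driven by the same data. The new function also leaves `MarkHttpStatus status;` uninitialized until the lookups succeed; it is only read after a successful call, but initializing it to the same default the sibling uses, `MarkHttpStatus status = HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS;`, removes the dependency on that ordering. Note too that SecurityInfoForRequest calls `security_state::IsHttpWarningForIncognitoEnabled()` before its definition, which relies on the declaration in security_state.h changed in this same issue.
```cpp
// Resolves the effective MarkHttpAs setting: the command-line switch takes
// precedence over the field trial group. Returns false when neither names a
// known setting, leaving |*level| and |*status| untouched.
bool ResolveMarkHttpAsSetting(bool displayed_sensitive_input_on_http,
                              bool is_incognito,
                              SecurityLevel* level,
                              MarkHttpStatus* status) {
  const std::string choice =
      base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
          switches::kMarkHttpAs);
  const std::string group =
      base::FieldTrialList::FindFullName("MarkNonSecureAs");
  return GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
             choice, displayed_sensitive_input_on_http, is_incognito, level,
             status) ||
         GetSecurityLevelAndHistogramValueForNonSecureFieldTrial(
             group, displayed_sensitive_input_on_http, is_incognito, level,
             status);
}

// … unchanged: SecurityInfoForRequest, end of anonymous namespace …

bool IsHttpWarningForIncognitoEnabled() {
  SecurityLevel level = NONE;
  MarkHttpStatus status = HTTP_SHOW_WARNING_ON_SENSITIVE_FIELDS;
  // Probe with "no sensitive input, in incognito": only the incognito
  // settings produce one of the two statuses checked below.
  if (!ResolveMarkHttpAsSetting(false, true, &level, &status))
    return false;
  return status == NON_SECURE_WHILE_INCOGNITO ||
         status == NON_SECURE_WHILE_INCOGNITO_OR_EDITING;
}
```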
@@ -261,7 +312,8 @@ SecurityInfo::SecurityInfo()
displayed_password_field_on_http(false),
displayed_credit_card_field_on_http(false),
contained_mixed_form(false),
- cert_missing_subject_alt_name(false) {}
+ cert_missing_subject_alt_name(false),
+ incognito_downgraded_security_level(false) {}
SecurityInfo::~SecurityInfo() {}
@@ -293,7 +345,8 @@ VisibleSecurityState::VisibleSecurityState()
ran_content_with_cert_errors(false),
pkp_bypassed(false),
displayed_password_field_on_http(false),
- displayed_credit_card_field_on_http(false) {}
+ displayed_credit_card_field_on_http(false),
+ is_incognito(false) {}
VisibleSecurityState::~VisibleSecurityState() {}
@@ -315,7 +368,8 @@ bool VisibleSecurityState::operator==(const VisibleSecurityState& other) const {
other.displayed_password_field_on_http &&
displayed_credit_card_field_on_http ==
other.displayed_credit_card_field_on_http &&
- contained_mixed_form == other.contained_mixed_form);
+ contained_mixed_form == other.contained_mixed_form &&
+ is_incognito == other.is_incognito);
}
} // namespace security_state
