Implementing mixed content for forms posting to insecure location from secure ones

Source/core/loader/MixedContentChecker.cpp

 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 40 matching lines @@
 // static
 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const KURL& url)
 {
     if (securityOrigin->protocol() != "https")
         return false; // We only care about HTTPS security origins.
 
     // We're in a secure context, so |url| is mixed content if it's insecure.
     return !SecurityOrigin::isSecure(url);
 }
 
-bool MixedContentChecker::canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const
+bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, bool isForm) const
 {
     if (!isMixedContent(securityOrigin, url))
         return true;
 
     Settings* settings = m_frame->settings();
     bool allowed = client()->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
-    logWarning(allowed, "displayed", url);
+    if (!isForm)
+        logWarning(allowed, "displayed insecure content from", "loaded", url);
+    else
+        logWarning(allowed, "is submitting data to an insecure location at", "submitted", url);
 
     if (allowed)
         client()->didDisplayInsecureContent();
 
     return allowed;
 }
 
 bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, bool isWebSocket) const
 {
     if (!isMixedContent(securityOrigin, url))
         return true;
 
     Settings* settings = m_frame->settings();
     bool allowedPerSettings = settings && (settings->allowRunningOfInsecureContent() || (isWebSocket && settings->allowConnectingInsecureWebSocket()));
     bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, securityOrigin, url);
-    logWarning(allowed, "ran", url);
+    logWarning(allowed, "ran insecure content from", "loaded", url);
 
     if (allowed)
         client()->didRunInsecureContent(securityOrigin, url);
 
     return allowed;
 }
 
-void MixedContentChecker::logWarning(bool allowed, const String& action, const KURL& target) const
+void MixedContentChecker::logWarning(bool allowed, const String& action1, const String& action2, const KURL& target) const

[Mike West, 2014/06/06 12:18:18]

I'd prefer that we drop both strings, and turn this into an enum with four
states (perhaps `{ EXECUTION, DISPLAY, CONNECTION, DISPLAY }`). That would also
allow us to fix the WebSockets message, which is bad.

If we had such an enum, I'd also like it to be passed through
can*InsecureContentInternal so that we can drop the boolean arguments. Boolean
arguments are practically meaningless at the callsite; Blink style generally
prefers enums for readability.

[mhm, 2014/06/06 19:11:59]

Done.

 {
-    String message = String(allowed ? "" : "[blocked] ") + "The page at '" + m_frame->document()->url().elidedString() + "' was loaded over HTTPS, but " + action + " insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n";
+    String message = String(allowed ? "" : "[blocked] ") + "The page at '" + m_frame->document()->url().elidedString() + "' was loaded over HTTPS, but " + action1 + " '" + target.elidedString() + "': this content should also be " + action2 + " over HTTPS.\n";
     MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel;
     m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel, message);
 }
 
 } // namespace WebCore