Index: Source/core/loader/MixedContentChecker.cpp |
diff --git a/Source/core/loader/MixedContentChecker.cpp b/Source/core/loader/MixedContentChecker.cpp |
index af7f992b2390a1bb4410b2da8fdb9f542b94d2ea..75e9737cd51391e37494c5be4b2107897335b82e 100644 |
--- a/Source/core/loader/MixedContentChecker.cpp |
+++ b/Source/core/loader/MixedContentChecker.cpp |
@@ -35,6 +35,7 @@ |
#include "core/loader/FrameLoader.h" |
#include "core/loader/FrameLoaderClient.h" |
#include "platform/weborigin/SecurityOrigin.h" |
+#include "wtf/text/StringBuilder.h" |
namespace WebCore { |
@@ -58,14 +59,14 @@ bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K |
return !SecurityOrigin::isSecure(url); |
} |
-bool MixedContentChecker::canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const |
+bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const |
{ |
if (!isMixedContent(securityOrigin, url)) |
return true; |
Settings* settings = m_frame->settings(); |
bool allowed = client()->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url); |
- logWarning(allowed, "displayed", url); |
+ logWarning(allowed, url, type); |
if (allowed) |
client()->didDisplayInsecureContent(); |
@@ -73,15 +74,15 @@ bool MixedContentChecker::canDisplayInsecureContent(SecurityOrigin* securityOrig |
return allowed; |
} |
-bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, bool isWebSocket) const |
+bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const |
{ |
if (!isMixedContent(securityOrigin, url)) |
return true; |
Settings* settings = m_frame->settings(); |
- bool allowedPerSettings = settings && (settings->allowRunningOfInsecureContent() || (isWebSocket && settings->allowConnectingInsecureWebSocket())); |
+ bool allowedPerSettings = settings && (settings->allowRunningOfInsecureContent() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket())); |
bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, securityOrigin, url); |
- logWarning(allowed, "ran", url); |
+ logWarning(allowed, url, type); |
if (allowed) |
client()->didRunInsecureContent(securityOrigin, url); |
@@ -89,11 +90,25 @@ bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security |
return allowed; |
} |
-void MixedContentChecker::logWarning(bool allowed, const String& action, const KURL& target) const |
+void MixedContentChecker::logWarning(bool allowed, const KURL& target, const MixedContentType type) const |
{ |
- String message = String(allowed ? "" : "[blocked] ") + "The page at '" + m_frame->document()->url().elidedString() + "' was loaded over HTTPS, but " + action + " insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n"; |
+ StringBuilder message; |
+ message.append((allowed ? "" : "[blocked] ")); |
+ message.append("The page at '" + m_frame->document()->url().elidedString() + "' was loaded over HTTPS, but "); |
+ switch (type) { |
+ case Display: |
+ message.append("displayed insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n"); |
+ break; |
+ case Execution: |
+ case WebSocket: |
+ message.append("ran insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n"); |
+ break; |
+ case Submission: |
+ message.append("is submitting data to an insecure location at '" + target.elidedString() + "': this content should also be submitted over HTTPS.\n"); |
+ break; |
+ } |
MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel; |
- m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel, message); |
+ m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel, message.toString()); |
} |
} // namespace WebCore |