Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1300)

Unified Diff: Source/core/loader/MixedContentChecker.cpp

Issue 311033003: Implementing mixed content for forms posting to insecure location from secure ones (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed the error when action attribute is empty. Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/loader/MixedContentChecker.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/loader/MixedContentChecker.cpp
diff --git a/Source/core/loader/MixedContentChecker.cpp b/Source/core/loader/MixedContentChecker.cpp
index af7f992b2390a1bb4410b2da8fdb9f542b94d2ea..75e9737cd51391e37494c5be4b2107897335b82e 100644
--- a/Source/core/loader/MixedContentChecker.cpp
+++ b/Source/core/loader/MixedContentChecker.cpp
@@ -35,6 +35,7 @@
#include "core/loader/FrameLoader.h"
#include "core/loader/FrameLoaderClient.h"
#include "platform/weborigin/SecurityOrigin.h"
+#include "wtf/text/StringBuilder.h"
namespace WebCore {
@@ -58,14 +59,14 @@ bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K
return !SecurityOrigin::isSecure(url);
}
-bool MixedContentChecker::canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const
+bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const
{
if (!isMixedContent(securityOrigin, url))
return true;
Settings* settings = m_frame->settings();
bool allowed = client()->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
- logWarning(allowed, "displayed", url);
+ logWarning(allowed, url, type);
if (allowed)
client()->didDisplayInsecureContent();
@@ -73,15 +74,15 @@ bool MixedContentChecker::canDisplayInsecureContent(SecurityOrigin* securityOrig
return allowed;
}
-bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, bool isWebSocket) const
+bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const
{
if (!isMixedContent(securityOrigin, url))
return true;
Settings* settings = m_frame->settings();
- bool allowedPerSettings = settings && (settings->allowRunningOfInsecureContent() || (isWebSocket && settings->allowConnectingInsecureWebSocket()));
+ bool allowedPerSettings = settings && (settings->allowRunningOfInsecureContent() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket()));
bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, securityOrigin, url);
- logWarning(allowed, "ran", url);
+ logWarning(allowed, url, type);
if (allowed)
client()->didRunInsecureContent(securityOrigin, url);
@@ -89,11 +90,25 @@ bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security
return allowed;
}
-void MixedContentChecker::logWarning(bool allowed, const String& action, const KURL& target) const
+void MixedContentChecker::logWarning(bool allowed, const KURL& target, const MixedContentType type) const
{
- String message = String(allowed ? "" : "[blocked] ") + "The page at '" + m_frame->document()->url().elidedString() + "' was loaded over HTTPS, but " + action + " insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n";
+ StringBuilder message;
+ message.append((allowed ? "" : "[blocked] "));
+ message.append("The page at '" + m_frame->document()->url().elidedString() + "' was loaded over HTTPS, but ");
+ switch (type) {
+ case Display:
+ message.append("displayed insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n");
+ break;
+ case Execution:
+ case WebSocket:
+ message.append("ran insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n");
+ break;
+ case Submission:
+ message.append("is submitting data to an insecure location at '" + target.elidedString() + "': this content should also be submitted over HTTPS.\n");
+ break;
+ }
MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel;
- m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel, message);
+ m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel, message.toString());
}
} // namespace WebCore
« no previous file with comments | « Source/core/loader/MixedContentChecker.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698