OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 44 matching lines...)
55 { | 55 { |
56 if (securityOrigin->protocol() != "https") | 56 if (securityOrigin->protocol() != "https") |
57 return false; // We only care about HTTPS security origins. | 57 return false; // We only care about HTTPS security origins. |
58 | 58 |
59 // We're in a secure context, so |url| is mixed content if it's insecure. | 59 // We're in a secure context, so |url| is mixed content if it's insecure. |
60 return !SecurityOrigin::isSecure(url); | 60 return !SecurityOrigin::isSecure(url); |
61 } | 61 } |
62 | 62 |
63 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu
rityOrigin, const KURL& url, const MixedContentType type) const | 63 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu
rityOrigin, const KURL& url, const MixedContentType type) const |
64 { | 64 { |
| 65 // Check the top frame if it differs from MixedContentChecker's m_frame. |
| 66 if (!m_frame->tree().top()->isLocalFrame()) { |
| 67 // FIXME: We need a way to access the top-level frame's MixedContentChec
ker when that frame |
| 68 // is in a different process from the current frame. Until that is done,
we always allow |
| 69 // loads in remote frames. |
| 70 return false; |
| 71 } |
| 72 Frame* top = m_frame->tree().top(); |
| 73 if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca
nDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url)) |
| 74 return false; |
| 75 |
| 76 // Then check the current frame: |
65 if (!isMixedContent(securityOrigin, url)) | 77 if (!isMixedContent(securityOrigin, url)) |
66 return true; | 78 return true; |
67 | 79 |
68 Settings* settings = m_frame->settings(); | 80 Settings* settings = m_frame->settings(); |
69 bool allowed = client()->allowDisplayingInsecureContent(settings && settings
->allowDisplayOfInsecureContent(), securityOrigin, url); | 81 bool allowed = client()->allowDisplayingInsecureContent(settings && settings
->allowDisplayOfInsecureContent(), securityOrigin, url); |
70 logWarning(allowed, url, type); | 82 logWarning(allowed, url, type); |
71 | 83 |
72 if (allowed) | 84 if (allowed) |
73 client()->didDisplayInsecureContent(); | 85 client()->didDisplayInsecureContent(); |
74 | 86 |
75 return allowed; | 87 return allowed; |
76 } | 88 } |
77 | 89 |
78 bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security
Origin, const KURL& url, const MixedContentType type) const | 90 bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security
Origin, const KURL& url, const MixedContentType type) const |
79 { | 91 { |
| 92 // Check the top frame if it differs from MixedContentChecker's m_frame. |
| 93 if (!m_frame->tree().top()->isLocalFrame()) { |
| 94 // FIXME: We need a way to access the top-level frame's MixedContentChec
ker when that frame |
| 95 // is in a different process from the current frame. Until that is done,
we always allow |
| 96 // loads in remote frames. |
| 97 return false; |
| 98 } |
| 99 Frame* top = m_frame->tree().top(); |
| 100 if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca
nRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url)) |
| 101 return false; |
| 102 |
| 103 // Then check the current frame: |
80 if (!isMixedContent(securityOrigin, url)) | 104 if (!isMixedContent(securityOrigin, url)) |
81 return true; | 105 return true; |
82 | 106 |
83 Settings* settings = m_frame->settings(); | 107 Settings* settings = m_frame->settings(); |
84 bool allowedPerSettings = settings && (settings->allowRunningOfInsecureConte
nt() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket())); | 108 bool allowedPerSettings = settings && (settings->allowRunningOfInsecureConte
nt() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket())); |
85 bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, sec
urityOrigin, url); | 109 bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, sec
urityOrigin, url); |
86 logWarning(allowed, url, type); | 110 logWarning(allowed, url, type); |
87 | 111 |
88 if (allowed) | 112 if (allowed) |
89 client()->didRunInsecureContent(securityOrigin, url); | 113 client()->didRunInsecureContent(securityOrigin, url); |
(...skipping 23 matching lines...)
113 break; | 137 break; |
114 case Submission: | 138 case Submission: |
115 message.append("is submitting data to an insecure location at '" + targe
t.elidedString() + "': this content should also be submitted over HTTPS.\n"); | 139 message.append("is submitting data to an insecure location at '" + targe
t.elidedString() + "': this content should also be submitted over HTTPS.\n"); |
116 break; | 140 break; |
117 } | 141 } |
118 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; | 142 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; |
119 m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel,
message.toString()); | 143 m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel,
message.toString()); |
120 } | 144 } |
121 | 145 |
122 } // namespace WebCore | 146 } // namespace WebCore |
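Review bot: The FIXME added at new lines 67-69 of canDisplayInsecureContentInternal (repeated at 94-96 in canRunInsecureContentInternal) says loads are always allowed when the top frame is remote, but the branch it documents does `return false;`, which by the rest of each function (`return true` for non-mixed content, `return allowed` otherwise) means the load is refused. As written, that early return also comes before the `isMixedContent()` test, so with a remote top frame it refuses every URL passed in, secure ones included. Failing closed is the safer default for a mixed-content gate while the top frame's checker is unreachable, so if that is the intent the comment should read `// Until that is done, we always block loads when the top-level frame is remote.`; if allowing was intended, the return value is what needs to change. The top-frame preamble is duplicated between the two functions and calls `m_frame->tree().top()` twice in each, so a private helper that takes the check to run would keep the copies from drifting. The tail of canRunInsecureContentInternal lies in the skipped lines and was not reviewed.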
OLD | NEW |