
Side by Side Diff: Source/core/loader/MixedContentChecker.cpp

Issue 348853009: Refactor mixed content checks against the top frame into MixedContentChecker. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: WSS. Created 6 years, 5 months ago
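--- a/Source/core/loader/MixedContentChecker.cpp
+++ b/Source/core/loader/MixedContentChecker.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2012 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
@@ -55,35 +55,59 @@
 {
 if (securityOrigin->protocol() != "https")
 return false; // We only care about HTTPS security origins.
 
 // We're in a secure context, so |url| is mixed content if it's insecure.
 return !SecurityOrigin::isSecure(url);
 }
 
 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu rityOrigin, const KURL& url, const MixedContentType type) const
 {
+// Check the top frame if it differs from MixedContentChecker's m_frame.
+if (!m_frame->tree().top()->isLocalFrame()) {
+// FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame
+// is in a different process from the current frame. Until that is done, we always allow
+// loads in remote frames.
+return false;
+}
+Frame* top = m_frame->tree().top();
+if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca nDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
+return false;
+
+// Then check the current frame:
 if (!isMixedContent(securityOrigin, url))
 return true;
 
 Settings* settings = m_frame->settings();
 bool allowed = client()->allowDisplayingInsecureContent(settings && settings ->allowDisplayOfInsecureContent(), securityOrigin, url);
 logWarning(allowed, url, type);
 
 if (allowed)
 client()->didDisplayInsecureContent();
 
 return allowed;
 }
 
 bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security Origin, const KURL& url, const MixedContentType type) const
 {
+// Check the top frame if it differs from MixedContentChecker's m_frame.
+if (!m_frame->tree().top()->isLocalFrame()) {
+// FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame
+// is in a different process from the current frame. Until that is done, we always allow
+// loads in remote frames.
+return false;
+}
+Frame* top = m_frame->tree().top();
+if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca nRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
+return false;
+
+// Then check the current frame:
 if (!isMixedContent(securityOrigin, url))
 return true;
 
 Settings* settings = m_frame->settings();
 bool allowedPerSettings = settings && (settings->allowRunningOfInsecureConte nt() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket()));
 bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, sec urityOrigin, url);
 logWarning(allowed, url, type);
 
 if (allowed)
 client()->didRunInsecureContent(securityOrigin, url);
@@ -113,10 +137,10 @@
 break;
 case Submission:
 message.append("is submitting data to an insecure location at '" + targe t.elidedString() + "': this content should also be submitted over HTTPS.\n");
 break;
 }
 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l;
 m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel, message.toString());
 }
 
 } // namespace WebCore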
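Review bot: In the added remote-top-frame branch of canDisplayInsecureContentInternal the FIXME says "we always allow loads in remote frames", but the branch does `return false`, which is the not-allowed result; the same mismatch is repeated in the branch added to canRunInsecureContentInternal. Refusing is the conservative outcome for a mixed-content check, so if that is what is intended the comment should say so, e.g. `// Until that is done, refuse the load whenever the top frame is remote.` The branch also sits before `isMixedContent(securityOrigin, url)`, so with a remote top frame a secure URL gets `false` as well, and before `logWarning(allowed, url, type)`, so the refusal leaves no console message. If only insecure URLs are meant to be refused, the branch could end in `return SecurityOrigin::isSecure(url);` instead; either way the chosen behaviour deserves a line in the comment. canRunInsecureContentInternal continues past the end of the visible hunk.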
