| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 */ | 27 */ |
| 28 | 28 |
| 29 #include "config.h" | 29 #include "config.h" |
| 30 #include "core/loader/MixedContentChecker.h" | 30 #include "core/loader/MixedContentChecker.h" |
| 31 | 31 |
| 32 #include "core/dom/Document.h" | 32 #include "core/dom/Document.h" |
| 33 #include "core/frame/LocalFrame.h" | 33 #include "core/frame/LocalFrame.h" |
| 34 #include "core/frame/Settings.h" | 34 #include "core/frame/Settings.h" |
| 35 #include "core/loader/FrameLoader.h" | 35 #include "core/loader/FrameLoader.h" |
| 36 #include "core/loader/FrameLoaderClient.h" | 36 #include "core/loader/FrameLoaderClient.h" |
| 37 #include "platform/RuntimeEnabledFeatures.h" |
| 37 #include "platform/weborigin/SecurityOrigin.h" | 38 #include "platform/weborigin/SecurityOrigin.h" |
| 38 #include "wtf/text/StringBuilder.h" | 39 #include "wtf/text/StringBuilder.h" |
| 39 | 40 |
| 40 namespace WebCore { | 41 namespace WebCore { |
| 41 | 42 |
| 42 MixedContentChecker::MixedContentChecker(LocalFrame* frame) | 43 MixedContentChecker::MixedContentChecker(LocalFrame* frame) |
| 43 : m_frame(frame) | 44 : m_frame(frame) |
| 44 { | 45 { |
| 45 } | 46 } |
| 46 | 47 |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 bool allowedPerSettings = settings && (settings->allowRunningOfInsecureConte
nt() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket())); | 84 bool allowedPerSettings = settings && (settings->allowRunningOfInsecureConte
nt() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket())); |
| 84 bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, sec
urityOrigin, url); | 85 bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, sec
urityOrigin, url); |
| 85 logWarning(allowed, url, type); | 86 logWarning(allowed, url, type); |
| 86 | 87 |
| 87 if (allowed) | 88 if (allowed) |
| 88 client()->didRunInsecureContent(securityOrigin, url); | 89 client()->didRunInsecureContent(securityOrigin, url); |
| 89 | 90 |
| 90 return allowed; | 91 return allowed; |
| 91 } | 92 } |
| 92 | 93 |
| 94 bool MixedContentChecker::canConnectInsecureWebSocket(SecurityOrigin* securityOr
igin, const KURL& url) const |
| 95 { |
| 96 if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled()) |
| 97 return canDisplayInsecureContentInternal(securityOrigin, url, MixedConte
ntChecker::WebSocket); |
| 98 return canRunInsecureContentInternal(securityOrigin, url, MixedContentChecke
r::WebSocket); |
| 99 } |
| 100 |
| 93 void MixedContentChecker::logWarning(bool allowed, const KURL& target, const Mix
edContentType type) const | 101 void MixedContentChecker::logWarning(bool allowed, const KURL& target, const Mix
edContentType type) const |
| 94 { | 102 { |
| 95 StringBuilder message; | 103 StringBuilder message; |
| 96 message.append((allowed ? "" : "[blocked] ")); | 104 message.append((allowed ? "" : "[blocked] ")); |
| 97 message.append("The page at '" + m_frame->document()->url().elidedString() +
"' was loaded over HTTPS, but "); | 105 message.append("The page at '" + m_frame->document()->url().elidedString() +
"' was loaded over HTTPS, but "); |
| 98 switch (type) { | 106 switch (type) { |
| 99 case Display: | 107 case Display: |
| 100 message.append("displayed insecure content from '" + target.elidedString
() + "': this content should also be loaded over HTTPS.\n"); | 108 message.append("displayed insecure content from '" + target.elidedString
() + "': this content should also be loaded over HTTPS.\n"); |
| 101 break; | 109 break; |
| 102 case Execution: | 110 case Execution: |
| 103 case WebSocket: | 111 case WebSocket: |
| 104 message.append("ran insecure content from '" + target.elidedString() + "
': this content should also be loaded over HTTPS.\n"); | 112 message.append("ran insecure content from '" + target.elidedString() + "
': this content should also be loaded over HTTPS.\n"); |
| 105 break; | 113 break; |
| 106 case Submission: | 114 case Submission: |
| 107 message.append("is submitting data to an insecure location at '" + targe
t.elidedString() + "': this content should also be submitted over HTTPS.\n"); | 115 message.append("is submitting data to an insecure location at '" + targe
t.elidedString() + "': this content should also be submitted over HTTPS.\n"); |
| 108 break; | 116 break; |
| 109 } | 117 } |
| 110 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; | 118 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; |
| 111 m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel,
message.toString()); | 119 m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel,
message.toString()); |
| 112 } | 120 } |
| 113 | 121 |
| 114 } // namespace WebCore | 122 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 356843006:
Add "lax mixed content checking" runtime flag. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk