Treat reserved IP addresses as mixed content.

Source/core/loader/MixedContentChecker.cpp

 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 19 matching lines @@
 #include "core/loader/MixedContentChecker.h"
 
 #include "core/dom/Document.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/Settings.h"
 #include "core/loader/FrameLoader.h"
 #include "core/loader/FrameLoaderClient.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityOrigin.h"
+#include "public/platform/Platform.h"
+#include "public/platform/WebURL.h"
 #include "wtf/text/StringBuilder.h"
 
 namespace blink {
 
 MixedContentChecker::MixedContentChecker(LocalFrame* frame)
     : m_frame(frame)
 {
 }
 
 FrameLoaderClient* MixedContentChecker::client() const
 {
     return m_frame->loader().client();
 }
 
 // static
+bool MixedContentChecker::isMixedRealm(SecurityOrigin* securityOrigin, const KURL& url)
+{
+    if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled())
+        return false;
+
+    // We only care about public origins: private origins can load public resources without issue.
+    KURL originURL;
+    originURL.setProtocol(securityOrigin->protocol());
+    originURL.setHost(securityOrigin->host());
+    if (!Platform::current()->isReservedIPAddress(originURL))

[Mike West, 2014/08/06 09:08:14]

I would like to pass the SecurityOrigin to the platform layer directly. But I
can't because layering. :(

+        return false;
+
+    return Platform::current()->isReservedIPAddress(url);
+}
+
+// static
 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const KURL& url)
 {
     if (securityOrigin->protocol() != "https")
         return false; // We only care about HTTPS security origins.
 
     // We're in a secure context, so |url| is mixed content if it's insecure.
     return !SecurityOrigin::isSecure(url);
 }
 
 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const
 {
     // Check the top frame if it differs from MixedContentChecker's m_frame.
     if (!m_frame->tree().top()->isLocalFrame()) {
         // FIXME: We need a way to access the top-level frame's MixedContentChecker when that frame
         // is in a different process from the current frame. Until that is done, we always allow
         // loads in remote frames.
         return false;
     }
     Frame* top = m_frame->tree().top();
     if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->canDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
         return false;
 
     // Then check the current frame:
-    if (!isMixedContent(securityOrigin, url))
+    if (!isMixedContent(securityOrigin, url) && !isMixedRealm(securityOrigin, url))
         return true;
 
     Settings* settings = m_frame->settings();
     bool allowed = client()->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
     logWarning(allowed, url, type);
 
     if (allowed)
         client()->didDisplayInsecureContent();
 
     return allowed;
 }
 
 bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const
 {
     // Check the top frame if it differs from MixedContentChecker's m_frame.
     if (!m_frame->tree().top()->isLocalFrame()) {
         // FIXME: We need a way to access the top-level frame's MixedContentChecker when that frame
         // is in a different process from the current frame. Until that is done, we always allow
         // loads in remote frames.
         return false;
     }
     Frame* top = m_frame->tree().top();
     if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->canRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url))
         return false;
 
     // Then check the current frame:
-    if (!isMixedContent(securityOrigin, url))
+    if (!isMixedContent(securityOrigin, url) && !isMixedRealm(securityOrigin, url))
         return true;
 
     Settings* settings = m_frame->settings();
     bool allowedPerSettings = settings && (settings->allowRunningOfInsecureContent() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket()));
     bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, securityOrigin, url);
     logWarning(allowed, url, type);
 
     if (allowed)
         client()->didRunInsecureContent(securityOrigin, url);
 
@@ skipping 48 matching lines @@
         break;
     case Submission:
         message.append("is submitting data to an insecure location at '" + target.elidedString() + "': this content should also be submitted over HTTPS.\n");
         break;
     }
     MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel;
     m_frame->document()->addConsoleMessage(SecurityMessageSource, messageLevel, message.toString());
 }
 
 } // namespace blink