
Unified Diff: Source/core/loader/MixedContentChecker.cpp

Issue 417153004: Treat reserved IP addresses as mixed content. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 5 months ago
Index: Source/core/loader/MixedContentChecker.cpp
diff --git a/Source/core/loader/MixedContentChecker.cpp b/Source/core/loader/MixedContentChecker.cpp
index 48ff7a77a5a2c54fbb5e5eabf39b8b4306691c1a..83bfb6de19f78f932b1afe9e41a81acfe20dbd96 100644
--- a/Source/core/loader/MixedContentChecker.cpp
+++ b/Source/core/loader/MixedContentChecker.cpp
@@ -52,6 +52,18 @@ FrameLoaderClient* MixedContentChecker::client() const
}
// static
+bool MixedContentChecker::isMixedRealm(SecurityOrigin* securityOrigin, const KURL& url)
+{
+ if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled())
+ return false;
+
+ if (securityOrigin->isReservedIPAddress())
+ return false; // We only care about public origins.
+
+ return SecurityOrigin::create(url)->isReservedIPAddress();
abarth-chromium 2014/08/01 18:09:45 Why do we need to create a SecurityOrigin just to
Mike West 2014/08/02 15:21:46 I can skip SecurityOrigin entirely and just call t
+}
+
+// static
bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const KURL& url)
{
if (securityOrigin->protocol() != "https")
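Review bot: isMixedRealm() has no comment saying what a "mixed realm" is, and the check on `url` may be narrower than the name suggests. If isReservedIPAddress() only inspects the host as written in the URL (its implementation is not visible here), a hostname that resolves to a reserved address would not be classified by this function. I would state that scope above the definition, e.g. `// Returns true when a public origin requests a URL whose host is a reserved IP address; hosts are not resolved here.`, with the wording confirmed against isReservedIPAddress(). The early `return false` under laxMixedContentCheckingEnabled() also deserves a short why-comment, since it turns the whole check off.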
@@ -75,7 +87,7 @@ bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu
return false;
// Then check the current frame:
- if (!isMixedContent(securityOrigin, url))
+ if (!isMixedRealm(securityOrigin, url) && !isMixedContent(securityOrigin, url))
return true;
Settings* settings = m_frame->settings();
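Review bot: The new condition `!isMixedRealm(securityOrigin, url) && !isMixedContent(securityOrigin, url)` sends realm-crossing loads down the path after `Settings* settings = m_frame->settings();`, and since isMixedRealm() never looks at the origin's protocol, that now includes non-https public origins. The rest of canDisplayInsecureContentInternal is outside the hunk, so it needs checking whether the setting consulted there, and any message it emits, still describe this case. At minimum the comment above the condition should say what is now covered, e.g. `// Then check the current frame (insecure content, or a public origin loading from a reserved IP address):`. The same applies to the identical change in canRunInsecureContentInternal in the next hunk.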
@@ -102,7 +114,7 @@ bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security
return false;
// Then check the current frame:
- if (!isMixedContent(securityOrigin, url))
+ if (!isMixedRealm(securityOrigin, url) && !isMixedContent(securityOrigin, url))
return true;
Settings* settings = m_frame->settings();
