Chromium Code Reviews Chromium Code Reviews
Issue 537983002:
Mixed Content: introduce WebURLRequest::RequestContext checks. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 55 // static | 55 // static |
| 56 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K URL& url) | 56 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K URL& url) |
| 57 { | 57 { |
| 58 if (securityOrigin->protocol() != "https") | 58 if (securityOrigin->protocol() != "https") |
| 59 return false; // We only care about HTTPS security origins. | 59 return false; // We only care about HTTPS security origins. |
| 60 | 60 |
| 61 // We're in a secure context, so |url| is mixed content if it's insecure. | 61 // We're in a secure context, so |url| is mixed content if it's insecure. |
| 62 return !SecurityOrigin::isSecure(url); | 62 return !SecurityOrigin::isSecure(url); |
| 63 } | 63 } |
| 64 | 64 |
| 65 MixedContentChecker::ContextType contextTypeFromContext(WebURLRequest::RequestCo ntext context) | |
|
jochen (gone - plz use gerrit)
2014/09/05 08:26:14
static?
| |
| 66 { | |
| 67 switch (context) { | |
| 68 // "Optionally-blockable" mixed content | |
| 69 case WebURLRequest::RequestContextAudio: | |
| 70 case WebURLRequest::RequestContextFavicon: | |
| 71 case WebURLRequest::RequestContextImage: | |
| 72 case WebURLRequest::RequestContextVideo: | |
| 73 return MixedContentChecker::OptionallyBlockable; | |
| 74 | |
| 75 // "Blockable" mixed content | |
| 76 case WebURLRequest::RequestContextBeacon: | |
| 77 case WebURLRequest::RequestContextCSPReport: | |
| 78 case WebURLRequest::RequestContextEmbed: | |
| 79 case WebURLRequest::RequestContextFetch: | |
| 80 case WebURLRequest::RequestContextFont: | |
| 81 case WebURLRequest::RequestContextForm: | |
| 82 case WebURLRequest::RequestContextFrame: | |
| 83 case WebURLRequest::RequestContextHyperlink: | |
| 84 case WebURLRequest::RequestContextIframe: | |
| 85 case WebURLRequest::RequestContextImageSet: | |
| 86 case WebURLRequest::RequestContextImport: | |
| 87 case WebURLRequest::RequestContextLocation: | |
| 88 case WebURLRequest::RequestContextManifest: | |
| 89 case WebURLRequest::RequestContextObject: | |
| 90 case WebURLRequest::RequestContextPing: | |
| 91 case WebURLRequest::RequestContextScript: | |
| 92 case WebURLRequest::RequestContextServiceWorker: | |
| 93 case WebURLRequest::RequestContextSharedWorker: | |
| 94 case WebURLRequest::RequestContextStyle: | |
| 95 case WebURLRequest::RequestContextSubresource: | |
| 96 case WebURLRequest::RequestContextTrack: | |
| 97 case WebURLRequest::RequestContextWorker: | |
| 98 case WebURLRequest::RequestContextXSLT: | |
| 99 return MixedContentChecker::Blockable; | |
| 100 | |
| 101 // "Blockable" mixed content whose behavior changed recently, and which is t hus guarded behind the "lax" flag | |
| 102 case WebURLRequest::RequestContextEventSource: | |
| 103 case WebURLRequest::RequestContextXMLHttpRequest: | |
| 104 return MixedContentChecker::BlockableUnlessLax; | |
| 105 | |
| 106 // Contexts that we should block, but don't currently. | |
| 107 case WebURLRequest::RequestContextDownload: | |
| 108 case WebURLRequest::RequestContextInternal: | |
| 109 case WebURLRequest::RequestContextPlugin: | |
| 110 case WebURLRequest::RequestContextPrefetch: | |
| 111 return MixedContentChecker::ShouldBeBlockable; | |
| 112 | |
| 113 case WebURLRequest::RequestContextUnspecified: | |
| 114 ASSERT_NOT_REACHED(); | |
| 115 } | |
| 116 ASSERT_NOT_REACHED(); | |
| 117 return MixedContentChecker::Blockable; | |
| 118 } | |
| 119 | |
| 120 // static | |
| 121 bool MixedContentChecker::shouldBlockSubresourceFetch(LocalFrame* frame, const R esourceRequest& resourceRequest, const KURL& url) | |
| 122 { | |
| 123 return false; | |
| 124 } | |
| 125 | |
| 126 // static | |
| 127 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequ est& resourceRequest, const KURL& url) | |
| 128 { | |
| 129 // No frame, no mixed content: | |
| 130 if (!frame) | |
| 131 return false; | |
| 132 | |
| 133 // Check the top frame first. | |
| 134 if (Frame* top = frame->tree().top()) { | |
| 135 // FIXME: We need a way to access the top-level frame's SecurityOrigin w hen that frame | |
| 136 // is in a different process from the current frame. Until that is done, we bail out | |
| 137 // early and allow the load. | |
| 138 if (!top->isLocalFrame()) | |
| 139 return true; | |
| 140 | |
| 141 LocalFrame* localTop = toLocalFrame(top); | |
| 142 if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url )) | |
| 143 return true; | |
| 144 } | |
| 145 | |
| 146 // We only need to examine insecure URLs in secure contexts; return early ot herwise. | |
| 147 if (SecurityOrigin::isSecure(url) || frame->document()->securityOrigin()->pr otocol() != "https") | |
| 148 return false; | |
| 149 | |
| 150 // Likewise, we only care about subresource loads: | |
| 151 if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel) | |
| 152 return false; | |
| 153 | |
| 154 Settings* settings = frame->settings(); | |
| 155 FrameLoaderClient* client = frame->loader().client(); | |
| 156 SecurityOrigin* securityOrigin = frame->document()->securityOrigin(); | |
| 157 bool allowed = false; | |
| 158 | |
| 159 switch (contextTypeFromContext(resourceRequest.requestContext())) { | |
| 160 case OptionallyBlockable: | |
| 161 allowed = client->allowDisplayingInsecureContent(settings && settings->a llowDisplayOfInsecureContent(), securityOrigin, url); | |
| 162 if (allowed) | |
| 163 client->didDisplayInsecureContent(); | |
| 164 return !allowed; | |
| 165 | |
| 166 case Blockable: | |
| 167 allowed = client->allowRunningInsecureContent(settings && settings->allo wRunningOfInsecureContent(), securityOrigin, url); | |
| 168 if (allowed) | |
| 169 client->didRunInsecureContent(securityOrigin, url); | |
| 170 return !allowed; | |
| 171 | |
| 172 case BlockableUnlessLax: | |
| 173 if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled()) { | |
| 174 allowed = client->allowDisplayingInsecureContent(settings && setting s->allowDisplayOfInsecureContent(), securityOrigin, url); | |
| 175 if (allowed) | |
| 176 client->didDisplayInsecureContent(); | |
| 177 } else { | |
| 178 allowed = client->allowRunningInsecureContent(settings && settings-> allowRunningOfInsecureContent(), securityOrigin, url); | |
| 179 if (allowed) | |
| 180 client->didRunInsecureContent(securityOrigin, url); | |
| 181 } | |
| 182 return !allowed; | |
| 183 | |
| 184 case ShouldBeBlockable: | |
| 185 return false; | |
| 186 }; | |
| 187 ASSERT_NOT_REACHED(); | |
| 188 return true; | |
| 189 } | |
| 190 | |
| 65 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu rityOrigin, const KURL& url, const MixedContentType type) const | 191 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu rityOrigin, const KURL& url, const MixedContentType type) const |
| 66 { | 192 { |
| 67 // Check the top frame if it differs from MixedContentChecker's m_frame. | 193 // Check the top frame if it differs from MixedContentChecker's m_frame. |
| 68 if (!m_frame->tree().top()->isLocalFrame()) { | 194 if (!m_frame->tree().top()->isLocalFrame()) { |
| 69 // FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame | 195 // FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame |
| 70 // is in a different process from the current frame. Until that is done, we always allow | 196 // is in a different process from the current frame. Until that is done, we always allow |
| 71 // loads in remote frames. | 197 // loads in remote frames. |
| 72 return false; | 198 return false; |
| 73 } | 199 } |
| 74 Frame* top = m_frame->tree().top(); | 200 Frame* top = m_frame->tree().top(); |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 165 break; | 291 break; |
| 166 case Submission: | 292 case Submission: |
| 167 message.append("is submitting data to an insecure location at '" + targe t.elidedString() + "': this content should also be submitted over HTTPS.\n"); | 293 message.append("is submitting data to an insecure location at '" + targe t.elidedString() + "': this content should also be submitted over HTTPS.\n"); |
| 168 break; | 294 break; |
| 169 } | 295 } |
| 170 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l; | 296 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l; |
| 171 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, messageLevel, message.toString())); | 297 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, messageLevel, message.toString())); |
| 172 } | 298 } |
| 173 | 299 |
| 174 } // namespace blink | 300 } // namespace blink |
| OLD | NEW |
