1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
35 #include "core/inspector/ConsoleMessage.h" | 35 #include "core/inspector/ConsoleMessage.h" |
36 #include "core/loader/FrameLoader.h" | 36 #include "core/loader/FrameLoader.h" |
37 #include "core/loader/FrameLoaderClient.h" | 37 #include "core/loader/FrameLoaderClient.h" |
38 #include "platform/RuntimeEnabledFeatures.h" | 38 #include "platform/RuntimeEnabledFeatures.h" |
39 #include "platform/weborigin/SchemeRegistry.h" | 39 #include "platform/weborigin/SchemeRegistry.h" |
40 #include "platform/weborigin/SecurityOrigin.h" | 40 #include "platform/weborigin/SecurityOrigin.h" |
41 #include "wtf/text/StringBuilder.h" | 41 #include "wtf/text/StringBuilder.h" |
42 | 42 |
43 namespace blink { | 43 namespace blink { |
44 | 44 |
45 namespace { | |
46 } // namespace | |
jochen (gone - plz use gerrit)
2014/09/09 08:11:57
not needed?
| |
47 | |
45 MixedContentChecker::MixedContentChecker(LocalFrame* frame) | 48 MixedContentChecker::MixedContentChecker(LocalFrame* frame) |
46 : m_frame(frame) | 49 : m_frame(frame) |
47 { | 50 { |
48 } | 51 } |
49 | 52 |
50 FrameLoaderClient* MixedContentChecker::client() const | 53 FrameLoaderClient* MixedContentChecker::client() const |
51 { | 54 { |
52 return m_frame->loader().client(); | 55 return m_frame->loader().client(); |
53 } | 56 } |
54 | 57 |
55 // static | 58 // static |
56 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K URL& url) | 59 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K URL& url) |
57 { | 60 { |
58 if (securityOrigin->protocol() != "https") | 61 if (securityOrigin->protocol() != "https") |
59 return false; // We only care about HTTPS security origins. | 62 return false; // We only care about HTTPS security origins. |
60 | 63 |
61 // We're in a secure context, so |url| is mixed content if it's insecure. | 64 // We're in a secure context, so |url| is mixed content if it's insecure. |
62 return !SecurityOrigin::isSecure(url); | 65 return !SecurityOrigin::isSecure(url); |
63 } | 66 } |
64 | 67 |
68 // static | |
69 MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(Web URLRequest::RequestContext context) | |
70 { | |
71 switch (context) { | |
72 // "Optionally-blockable" mixed content | |
73 case WebURLRequest::RequestContextAudio: | |
74 case WebURLRequest::RequestContextFavicon: | |
75 case WebURLRequest::RequestContextImage: | |
76 case WebURLRequest::RequestContextVideo: | |
77 return ContextTypeOptionallyBlockable; | |
78 | |
79 // "Blockable" mixed content | |
80 case WebURLRequest::RequestContextBeacon: | |
81 case WebURLRequest::RequestContextCSPReport: | |
82 case WebURLRequest::RequestContextEmbed: | |
83 case WebURLRequest::RequestContextFetch: | |
84 case WebURLRequest::RequestContextFont: | |
85 case WebURLRequest::RequestContextForm: | |
86 case WebURLRequest::RequestContextFrame: | |
87 case WebURLRequest::RequestContextHyperlink: | |
88 case WebURLRequest::RequestContextIframe: | |
89 case WebURLRequest::RequestContextImageSet: | |
90 case WebURLRequest::RequestContextImport: | |
91 case WebURLRequest::RequestContextLocation: | |
92 case WebURLRequest::RequestContextManifest: | |
93 case WebURLRequest::RequestContextObject: | |
94 case WebURLRequest::RequestContextPing: | |
95 case WebURLRequest::RequestContextScript: | |
96 case WebURLRequest::RequestContextServiceWorker: | |
97 case WebURLRequest::RequestContextSharedWorker: | |
98 case WebURLRequest::RequestContextStyle: | |
99 case WebURLRequest::RequestContextSubresource: | |
100 case WebURLRequest::RequestContextTrack: | |
101 case WebURLRequest::RequestContextWorker: | |
102 case WebURLRequest::RequestContextXSLT: | |
103 return ContextTypeBlockable; | |
104 | |
105 // "Blockable" mixed content whose behavior changed recently, and which is t hus guarded behind the "lax" flag | |
106 case WebURLRequest::RequestContextEventSource: | |
107 case WebURLRequest::RequestContextXMLHttpRequest: | |
108 return ContextTypeBlockableUnlessLax; | |
109 | |
110 // Contexts that we should block, but don't currently. | |
111 case WebURLRequest::RequestContextDownload: | |
112 case WebURLRequest::RequestContextInternal: | |
113 case WebURLRequest::RequestContextPlugin: | |
114 case WebURLRequest::RequestContextPrefetch: | |
115 return ContextTypeShouldBeBlockable; | |
116 | |
117 case WebURLRequest::RequestContextUnspecified: | |
118 ASSERT_NOT_REACHED(); | |
119 } | |
120 ASSERT_NOT_REACHED(); | |
121 return ContextTypeBlockable; | |
122 } | |
123 | |
124 // static | |
125 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequ est& resourceRequest, const KURL& url) | |
126 { | |
127 // No frame, no mixed content: | |
128 if (!frame) | |
129 return false; | |
130 | |
131 // Check the top frame first. | |
132 if (Frame* top = frame->tree().top()) { | |
133 // FIXME: We need a way to access the top-level frame's SecurityOrigin w hen that frame | |
134 // is in a different process from the current frame. Until that is done, we bail out | |
135 // early and allow the load. | |
136 if (!top->isLocalFrame()) | |
137 return false; | |
138 | |
139 LocalFrame* localTop = toLocalFrame(top); | |
140 if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url )) | |
141 return true; | |
142 } | |
143 | |
144 // We only care about subresource loads; top-level navigations cannot be mix ed content. | |
145 if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel) | |
146 return false; | |
147 | |
148 // No mixed content, no problem. | |
149 if (!isMixedContent(frame->document()->securityOrigin(), url)) | |
150 return false; | |
151 | |
152 Settings* settings = frame->settings(); | |
153 FrameLoaderClient* client = frame->loader().client(); | |
154 SecurityOrigin* securityOrigin = frame->document()->securityOrigin(); | |
155 bool allowed = false; | |
156 | |
157 switch (contextTypeFromContext(resourceRequest.requestContext())) { | |
158 case ContextTypeOptionallyBlockable: | |
159 allowed = client->allowDisplayingInsecureContent(settings && settings->a llowDisplayOfInsecureContent(), securityOrigin, url); | |
160 if (allowed) | |
161 client->didDisplayInsecureContent(); | |
162 return !allowed; | |
163 | |
164 case ContextTypeBlockable: | |
165 allowed = client->allowRunningInsecureContent(settings && settings->allo wRunningOfInsecureContent(), securityOrigin, url); | |
166 if (allowed) | |
167 client->didRunInsecureContent(securityOrigin, url); | |
168 return !allowed; | |
169 | |
170 case ContextTypeBlockableUnlessLax: | |
171 if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled()) { | |
172 allowed = client->allowDisplayingInsecureContent(settings && setting s->allowDisplayOfInsecureContent(), securityOrigin, url); | |
173 if (allowed) | |
174 client->didDisplayInsecureContent(); | |
175 } else { | |
176 allowed = client->allowRunningInsecureContent(settings && settings-> allowRunningOfInsecureContent(), securityOrigin, url); | |
177 if (allowed) | |
178 client->didRunInsecureContent(securityOrigin, url); | |
179 } | |
180 return !allowed; | |
181 | |
182 case ContextTypeShouldBeBlockable: | |
183 return false; | |
184 }; | |
185 ASSERT_NOT_REACHED(); | |
186 return true; | |
187 } | |
188 | |
65 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu rityOrigin, const KURL& url, const MixedContentType type) const | 189 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu rityOrigin, const KURL& url, const MixedContentType type) const |
66 { | 190 { |
67 // Check the top frame if it differs from MixedContentChecker's m_frame. | 191 // Check the top frame if it differs from MixedContentChecker's m_frame. |
68 if (!m_frame->tree().top()->isLocalFrame()) { | 192 if (!m_frame->tree().top()->isLocalFrame()) { |
69 // FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame | 193 // FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame |
70 // is in a different process from the current frame. Until that is done, we always allow | 194 // is in a different process from the current frame. Until that is done, we always allow |
71 // loads in remote frames. | 195 // loads in remote frames. |
72 return false; | 196 return false; |
73 } | 197 } |
74 Frame* top = m_frame->tree().top(); | 198 Frame* top = m_frame->tree().top(); |
165 break; | 289 break; |
166 case Submission: | 290 case Submission: |
167 message.append("is submitting data to an insecure location at '" + targe t.elidedString() + "': this content should also be submitted over HTTPS.\n"); | 291 message.append("is submitting data to an insecure location at '" + targe t.elidedString() + "': this content should also be submitted over HTTPS.\n"); |
168 break; | 292 break; |
169 } | 293 } |
170 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l; | 294 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l; |
171 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, messageLevel, message.toString())); | 295 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, messageLevel, message.toString())); |
172 } | 296 } |
173 | 297 |
174 } // namespace blink | 298 } // namespace blink |
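Review bot: The `ContextTypeShouldBeBlockable` arm at the end of the new `shouldBlockFetch` returns `false` without calling `client->didDisplayInsecureContent()` or `client->didRunInsecureContent()`, so an HTTPS page that pulls an insecure plugin, prefetch, download or internal load through this path keeps its secure UI state and emits no console message — the other three arms all report before allowing. Since the comment in `contextTypeFromContext` already concedes these contexts "should be blocked", the cheap intermediate step is to at least report them, e.g. `case ContextTypeShouldBeBlockable: client->didRunInsecureContent(securityOrigin, url); return false;` (plugins run code, so the "run" notification seems the closer fit); if another call site already reports plugin loads, a comment saying so on that arm would do instead. Separately, in release builds the `RequestContextUnspecified` case falls past both `ASSERT_NOT_REACHED()` calls and returns `ContextTypeBlockable`, which fails closed; a one-line comment such as `// Unknown contexts are treated as blockable so a missing case never fails open.` would make that fallback read as deliberate rather than accidental.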