Chromium Code Reviews Chromium Code Reviews
Issue 537983002:
Mixed Content: introduce WebURLRequest::RequestContext checks. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
| 6 * are met: | 6 * are met: |
| 7 * | 7 * |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 35 #include "core/inspector/ConsoleMessage.h" | 35 #include "core/inspector/ConsoleMessage.h" |
| 36 #include "core/loader/FrameLoader.h" | 36 #include "core/loader/FrameLoader.h" |
| 37 #include "core/loader/FrameLoaderClient.h" | 37 #include "core/loader/FrameLoaderClient.h" |
| 38 #include "platform/RuntimeEnabledFeatures.h" | 38 #include "platform/RuntimeEnabledFeatures.h" |
| 39 #include "platform/weborigin/SchemeRegistry.h" | 39 #include "platform/weborigin/SchemeRegistry.h" |
| 40 #include "platform/weborigin/SecurityOrigin.h" | 40 #include "platform/weborigin/SecurityOrigin.h" |
| 41 #include "wtf/text/StringBuilder.h" | 41 #include "wtf/text/StringBuilder.h" |
| 42 | 42 |
| 43 namespace blink { | 43 namespace blink { |
| 44 | 44 |
| 45 namespace { | |
| 46 } // namespace | |
|
jochen (gone - plz use gerrit)
2014/09/09 08:11:57
not needed?
| |
| 47 | |
| 45 MixedContentChecker::MixedContentChecker(LocalFrame* frame) | 48 MixedContentChecker::MixedContentChecker(LocalFrame* frame) |
| 46 : m_frame(frame) | 49 : m_frame(frame) |
| 47 { | 50 { |
| 48 } | 51 } |
| 49 | 52 |
| 50 FrameLoaderClient* MixedContentChecker::client() const | 53 FrameLoaderClient* MixedContentChecker::client() const |
| 51 { | 54 { |
| 52 return m_frame->loader().client(); | 55 return m_frame->loader().client(); |
| 53 } | 56 } |
| 54 | 57 |
| 55 // static | 58 // static |
| 56 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K URL& url) | 59 bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K URL& url) |
| 57 { | 60 { |
| 58 if (securityOrigin->protocol() != "https") | 61 if (securityOrigin->protocol() != "https") |
| 59 return false; // We only care about HTTPS security origins. | 62 return false; // We only care about HTTPS security origins. |
| 60 | 63 |
| 61 // We're in a secure context, so |url| is mixed content if it's insecure. | 64 // We're in a secure context, so |url| is mixed content if it's insecure. |
| 62 return !SecurityOrigin::isSecure(url); | 65 return !SecurityOrigin::isSecure(url); |
| 63 } | 66 } |
| 64 | 67 |
| 68 // static | |
| 69 MixedContentChecker::ContextType MixedContentChecker::contextTypeFromContext(Web URLRequest::RequestContext context) | |
| 70 { | |
| 71 switch (context) { | |
| 72 // "Optionally-blockable" mixed content | |
| 73 case WebURLRequest::RequestContextAudio: | |
| 74 case WebURLRequest::RequestContextFavicon: | |
| 75 case WebURLRequest::RequestContextImage: | |
| 76 case WebURLRequest::RequestContextVideo: | |
| 77 return ContextTypeOptionallyBlockable; | |
| 78 | |
| 79 // "Blockable" mixed content | |
| 80 case WebURLRequest::RequestContextBeacon: | |
| 81 case WebURLRequest::RequestContextCSPReport: | |
| 82 case WebURLRequest::RequestContextEmbed: | |
| 83 case WebURLRequest::RequestContextFetch: | |
| 84 case WebURLRequest::RequestContextFont: | |
| 85 case WebURLRequest::RequestContextForm: | |
| 86 case WebURLRequest::RequestContextFrame: | |
| 87 case WebURLRequest::RequestContextHyperlink: | |
| 88 case WebURLRequest::RequestContextIframe: | |
| 89 case WebURLRequest::RequestContextImageSet: | |
| 90 case WebURLRequest::RequestContextImport: | |
| 91 case WebURLRequest::RequestContextLocation: | |
| 92 case WebURLRequest::RequestContextManifest: | |
| 93 case WebURLRequest::RequestContextObject: | |
| 94 case WebURLRequest::RequestContextPing: | |
| 95 case WebURLRequest::RequestContextScript: | |
| 96 case WebURLRequest::RequestContextServiceWorker: | |
| 97 case WebURLRequest::RequestContextSharedWorker: | |
| 98 case WebURLRequest::RequestContextStyle: | |
| 99 case WebURLRequest::RequestContextSubresource: | |
| 100 case WebURLRequest::RequestContextTrack: | |
| 101 case WebURLRequest::RequestContextWorker: | |
| 102 case WebURLRequest::RequestContextXSLT: | |
| 103 return ContextTypeBlockable; | |
| 104 | |
| 105 // "Blockable" mixed content whose behavior changed recently, and which is t hus guarded behind the "lax" flag | |
| 106 case WebURLRequest::RequestContextEventSource: | |
| 107 case WebURLRequest::RequestContextXMLHttpRequest: | |
| 108 return ContextTypeBlockableUnlessLax; | |
| 109 | |
| 110 // Contexts that we should block, but don't currently. | |
| 111 case WebURLRequest::RequestContextDownload: | |
| 112 case WebURLRequest::RequestContextInternal: | |
| 113 case WebURLRequest::RequestContextPlugin: | |
| 114 case WebURLRequest::RequestContextPrefetch: | |
| 115 return ContextTypeShouldBeBlockable; | |
| 116 | |
| 117 case WebURLRequest::RequestContextUnspecified: | |
| 118 ASSERT_NOT_REACHED(); | |
| 119 } | |
| 120 ASSERT_NOT_REACHED(); | |
| 121 return ContextTypeBlockable; | |
| 122 } | |
| 123 | |
| 124 // static | |
| 125 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequ est& resourceRequest, const KURL& url) | |
| 126 { | |
| 127 // No frame, no mixed content: | |
| 128 if (!frame) | |
| 129 return false; | |
| 130 | |
| 131 // Check the top frame first. | |
| 132 if (Frame* top = frame->tree().top()) { | |
| 133 // FIXME: We need a way to access the top-level frame's SecurityOrigin w hen that frame | |
| 134 // is in a different process from the current frame. Until that is done, we bail out | |
| 135 // early and allow the load. | |
| 136 if (!top->isLocalFrame()) | |
| 137 return false; | |
| 138 | |
| 139 LocalFrame* localTop = toLocalFrame(top); | |
| 140 if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url )) | |
| 141 return true; | |
| 142 } | |
| 143 | |
| 144 // We only care about subresource loads; top-level navigations cannot be mix ed content. | |
| 145 if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel) | |
| 146 return false; | |
| 147 | |
| 148 // No mixed content, no problem. | |
| 149 if (!isMixedContent(frame->document()->securityOrigin(), url)) | |
| 150 return false; | |
| 151 | |
| 152 Settings* settings = frame->settings(); | |
| 153 FrameLoaderClient* client = frame->loader().client(); | |
| 154 SecurityOrigin* securityOrigin = frame->document()->securityOrigin(); | |
| 155 bool allowed = false; | |
| 156 | |
| 157 switch (contextTypeFromContext(resourceRequest.requestContext())) { | |
| 158 case ContextTypeOptionallyBlockable: | |
| 159 allowed = client->allowDisplayingInsecureContent(settings && settings->a llowDisplayOfInsecureContent(), securityOrigin, url); | |
| 160 if (allowed) | |
| 161 client->didDisplayInsecureContent(); | |
| 162 return !allowed; | |
| 163 | |
| 164 case ContextTypeBlockable: | |
| 165 allowed = client->allowRunningInsecureContent(settings && settings->allo wRunningOfInsecureContent(), securityOrigin, url); | |
| 166 if (allowed) | |
| 167 client->didRunInsecureContent(securityOrigin, url); | |
| 168 return !allowed; | |
| 169 | |
| 170 case ContextTypeBlockableUnlessLax: | |
| 171 if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled()) { | |
| 172 allowed = client->allowDisplayingInsecureContent(settings && setting s->allowDisplayOfInsecureContent(), securityOrigin, url); | |
| 173 if (allowed) | |
| 174 client->didDisplayInsecureContent(); | |
| 175 } else { | |
| 176 allowed = client->allowRunningInsecureContent(settings && settings-> allowRunningOfInsecureContent(), securityOrigin, url); | |
| 177 if (allowed) | |
| 178 client->didRunInsecureContent(securityOrigin, url); | |
| 179 } | |
| 180 return !allowed; | |
| 181 | |
| 182 case ContextTypeShouldBeBlockable: | |
| 183 return false; | |
| 184 }; | |
| 185 ASSERT_NOT_REACHED(); | |
| 186 return true; | |
| 187 } | |
| 188 | |
| 65 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu rityOrigin, const KURL& url, const MixedContentType type) const | 189 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* secu rityOrigin, const KURL& url, const MixedContentType type) const |
| 66 { | 190 { |
| 67 // Check the top frame if it differs from MixedContentChecker's m_frame. | 191 // Check the top frame if it differs from MixedContentChecker's m_frame. |
| 68 if (!m_frame->tree().top()->isLocalFrame()) { | 192 if (!m_frame->tree().top()->isLocalFrame()) { |
| 69 // FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame | 193 // FIXME: We need a way to access the top-level frame's MixedContentChec ker when that frame |
| 70 // is in a different process from the current frame. Until that is done, we always allow | 194 // is in a different process from the current frame. Until that is done, we always allow |
| 71 // loads in remote frames. | 195 // loads in remote frames. |
| 72 return false; | 196 return false; |
| 73 } | 197 } |
| 74 Frame* top = m_frame->tree().top(); | 198 Frame* top = m_frame->tree().top(); |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 165 break; | 289 break; |
| 166 case Submission: | 290 case Submission: |
| 167 message.append("is submitting data to an insecure location at '" + targe t.elidedString() + "': this content should also be submitted over HTTPS.\n"); | 291 message.append("is submitting data to an insecure location at '" + targe t.elidedString() + "': this content should also be submitted over HTTPS.\n"); |
| 168 break; | 292 break; |
| 169 } | 293 } |
| 170 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l; | 294 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l; |
| 171 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, messageLevel, message.toString())); | 295 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag eSource, messageLevel, message.toString())); |
| 172 } | 296 } |
| 173 | 297 |
| 174 } // namespace blink | 298 } // namespace blink |
| OLD | NEW |
