| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 */ | 29 */ |
| 30 | 30 |
| 31 #ifndef MixedContentChecker_h | 31 #ifndef MixedContentChecker_h |
| 32 #define MixedContentChecker_h | 32 #define MixedContentChecker_h |
| 33 | 33 |
| 34 #include "public/platform/WebURLRequest.h" |
| 34 #include "wtf/text/WTFString.h" | 35 #include "wtf/text/WTFString.h" |
| 35 | 36 |
| 36 namespace blink { | 37 namespace blink { |
| 37 | 38 |
| 38 class LocalFrame; | 39 class LocalFrame; |
| 39 class FrameLoaderClient; | 40 class FrameLoaderClient; |
| 40 class KURL; | 41 class KURL; |
| 41 class SecurityOrigin; | 42 class SecurityOrigin; |
| 43 class ResourceRequest; |
| 42 | 44 |
| 43 class MixedContentChecker { | 45 class MixedContentChecker { |
| 44 WTF_MAKE_NONCOPYABLE(MixedContentChecker); | 46 WTF_MAKE_NONCOPYABLE(MixedContentChecker); |
| 45 public: | 47 public: |
| 46 MixedContentChecker(LocalFrame*); | 48 explicit MixedContentChecker(LocalFrame*); |
| 49 |
| 50 static bool shouldBlockFetch(LocalFrame*, const ResourceRequest&, const KURL
&); |
| 47 | 51 |
| 48 bool canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& u
rl) const | 52 bool canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& u
rl) const |
| 49 { | 53 { |
| 50 return canDisplayInsecureContentInternal(securityOrigin, url, MixedConte
ntChecker::Display); | 54 return canDisplayInsecureContentInternal(securityOrigin, url, MixedConte
ntChecker::Display); |
| 51 } | 55 } |
| 52 | 56 |
| 53 bool canRunInsecureContent(SecurityOrigin* securityOrigin, const KURL& url)
const | 57 bool canRunInsecureContent(SecurityOrigin* securityOrigin, const KURL& url)
const |
| 54 { | 58 { |
| 55 return canRunInsecureContentInternal(securityOrigin, url, MixedContentCh
ecker::Execution); | 59 return canRunInsecureContentInternal(securityOrigin, url, MixedContentCh
ecker::Execution); |
| 56 } | 60 } |
| 57 | 61 |
| 58 bool canSubmitToInsecureForm(SecurityOrigin*, const KURL&) const; | 62 bool canSubmitToInsecureForm(SecurityOrigin*, const KURL&) const; |
| 59 bool canConnectInsecureWebSocket(SecurityOrigin*, const KURL&) const; | 63 bool canConnectInsecureWebSocket(SecurityOrigin*, const KURL&) const; |
| 60 bool canFrameInsecureContent(SecurityOrigin*, const KURL&) const; | 64 bool canFrameInsecureContent(SecurityOrigin*, const KURL&) const; |
| 61 static bool isMixedContent(SecurityOrigin*, const KURL&); | 65 static bool isMixedContent(SecurityOrigin*, const KURL&); |
| 62 | 66 |
| 63 private: | 67 private: |
| 64 enum MixedContentType { | 68 enum MixedContentType { |
| 65 Display, | 69 Display, |
| 66 Execution, | 70 Execution, |
| 67 WebSocket, | 71 WebSocket, |
| 68 Submission | 72 Submission |
| 69 }; | 73 }; |
| 70 | 74 |
| 75 enum ContextType { |
| 76 ContextTypeBlockable, |
| 77 ContextTypeOptionallyBlockable, |
| 78 ContextTypeShouldBeBlockable, |
| 79 ContextTypeBlockableUnlessLax |
| 80 }; |
| 81 |
| 82 static ContextType contextTypeFromContext(WebURLRequest::RequestContext); |
| 83 |
| 71 // FIXME: This should probably have a separate client from FrameLoader. | 84 // FIXME: This should probably have a separate client from FrameLoader. |
| 72 FrameLoaderClient* client() const; | 85 FrameLoaderClient* client() const; |
| 73 | 86 |
| 74 bool canDisplayInsecureContentInternal(SecurityOrigin*, const KURL&, const M
ixedContentType) const; | 87 bool canDisplayInsecureContentInternal(SecurityOrigin*, const KURL&, const M
ixedContentType) const; |
| 75 | 88 |
| 76 bool canRunInsecureContentInternal(SecurityOrigin*, const KURL&, const Mixed
ContentType) const; | 89 bool canRunInsecureContentInternal(SecurityOrigin*, const KURL&, const Mixed
ContentType) const; |
| 77 | 90 |
| 78 void logWarning(bool allowed, const KURL& i, const MixedContentType) const; | 91 void logWarning(bool allowed, const KURL& i, const MixedContentType) const; |
| 79 | 92 |
| 80 LocalFrame* m_frame; | 93 LocalFrame* m_frame; |
| 81 }; | 94 }; |
| 82 | 95 |
| 83 } // namespace blink | 96 } // namespace blink |
| 84 | 97 |
| 85 #endif // MixedContentChecker_h | 98 #endif // MixedContentChecker_h |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 537983002:
Mixed Content: introduce WebURLRequest::RequestContext checks. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk