OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 14 matching lines...) Expand all Loading... |
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 */ | 27 */ |
28 | 28 |
29 #include "config.h" | 29 #include "config.h" |
30 #include "core/loader/MixedContentChecker.h" | 30 #include "core/loader/MixedContentChecker.h" |
31 | 31 |
32 #include "core/dom/Document.h" | 32 #include "core/dom/Document.h" |
33 #include "core/frame/LocalFrame.h" | 33 #include "core/frame/LocalFrame.h" |
34 #include "core/frame/Settings.h" | 34 #include "core/frame/Settings.h" |
| 35 #include "core/frame/UseCounter.h" |
35 #include "core/inspector/ConsoleMessage.h" | 36 #include "core/inspector/ConsoleMessage.h" |
36 #include "core/loader/FrameLoader.h" | 37 #include "core/loader/FrameLoader.h" |
37 #include "core/loader/FrameLoaderClient.h" | 38 #include "core/loader/FrameLoaderClient.h" |
38 #include "platform/RuntimeEnabledFeatures.h" | 39 #include "platform/RuntimeEnabledFeatures.h" |
39 #include "platform/weborigin/SchemeRegistry.h" | 40 #include "platform/weborigin/SchemeRegistry.h" |
40 #include "platform/weborigin/SecurityOrigin.h" | 41 #include "platform/weborigin/SecurityOrigin.h" |
| 42 #include "public/platform/Platform.h" |
41 #include "wtf/text/StringBuilder.h" | 43 #include "wtf/text/StringBuilder.h" |
42 | 44 |
43 namespace blink { | 45 namespace blink { |
44 | 46 |
45 MixedContentChecker::MixedContentChecker(LocalFrame* frame) | 47 MixedContentChecker::MixedContentChecker(LocalFrame* frame) |
46 : m_frame(frame) | 48 : m_frame(frame) |
47 { | 49 { |
48 } | 50 } |
49 | 51 |
50 FrameLoaderClient* MixedContentChecker::client() const | 52 FrameLoaderClient* MixedContentChecker::client() const |
(...skipping 17 matching lines...) Expand all Loading... |
68 if (!m_frame->tree().top()->isLocalFrame()) { | 70 if (!m_frame->tree().top()->isLocalFrame()) { |
69 // FIXME: We need a way to access the top-level frame's MixedContentChec
ker when that frame | 71 // FIXME: We need a way to access the top-level frame's MixedContentChec
ker when that frame |
70 // is in a different process from the current frame. Until that is done,
we always allow | 72 // is in a different process from the current frame. Until that is done,
we always allow |
71 // loads in remote frames. | 73 // loads in remote frames. |
72 return false; | 74 return false; |
73 } | 75 } |
74 Frame* top = m_frame->tree().top(); | 76 Frame* top = m_frame->tree().top(); |
75 if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca
nDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url)) | 77 if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca
nDisplayInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url)) |
76 return false; | 78 return false; |
77 | 79 |
| 80 // Just count these for the moment, don't block them. |
| 81 if (Platform::current()->isReservedIPAddress(url) && !Platform::current()->i
sReservedIPAddress(KURL(ParsedURLString, securityOrigin->toString()))) |
| 82 UseCounter::count(m_frame->document(), UseCounter::MixedContentPrivateIP
InPublicWebsitePassive); |
| 83 |
78 // Then check the current frame: | 84 // Then check the current frame: |
79 if (!isMixedContent(securityOrigin, url)) | 85 if (!isMixedContent(securityOrigin, url)) |
80 return true; | 86 return true; |
81 | 87 |
82 Settings* settings = m_frame->settings(); | 88 Settings* settings = m_frame->settings(); |
83 bool allowed = client()->allowDisplayingInsecureContent(settings && settings
->allowDisplayOfInsecureContent(), securityOrigin, url); | 89 bool allowed = client()->allowDisplayingInsecureContent(settings && settings
->allowDisplayOfInsecureContent(), securityOrigin, url); |
84 logWarning(allowed, url, type); | 90 logWarning(allowed, url, type); |
85 | 91 |
86 if (allowed) | 92 if (allowed) |
87 client()->didDisplayInsecureContent(); | 93 client()->didDisplayInsecureContent(); |
88 | 94 |
89 return allowed; | 95 return allowed; |
90 } | 96 } |
91 | 97 |
92 bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security
Origin, const KURL& url, const MixedContentType type) const | 98 bool MixedContentChecker::canRunInsecureContentInternal(SecurityOrigin* security
Origin, const KURL& url, const MixedContentType type) const |
93 { | 99 { |
94 // Check the top frame if it differs from MixedContentChecker's m_frame. | 100 // Check the top frame if it differs from MixedContentChecker's m_frame. |
95 if (!m_frame->tree().top()->isLocalFrame()) { | 101 if (!m_frame->tree().top()->isLocalFrame()) { |
96 // FIXME: We need a way to access the top-level frame's MixedContentChec
ker when that frame | 102 // FIXME: We need a way to access the top-level frame's MixedContentChec
ker when that frame |
97 // is in a different process from the current frame. Until that is done,
we always allow | 103 // is in a different process from the current frame. Until that is done,
we always allow |
98 // loads in remote frames. | 104 // loads in remote frames. |
99 return false; | 105 return false; |
100 } | 106 } |
101 Frame* top = m_frame->tree().top(); | 107 Frame* top = m_frame->tree().top(); |
102 if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca
nRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url)) | 108 if (top != m_frame && !toLocalFrame(top)->loader().mixedContentChecker()->ca
nRunInsecureContent(toLocalFrame(top)->document()->securityOrigin(), url)) |
103 return false; | 109 return false; |
104 | 110 |
| 111 // Just count these for the moment, don't block them. |
| 112 if (Platform::current()->isReservedIPAddress(url) && !Platform::current()->i
sReservedIPAddress(KURL(ParsedURLString, securityOrigin->toString()))) |
| 113 UseCounter::count(m_frame->document(), UseCounter::MixedContentPrivateIP
InPublicWebsiteActive); |
| 114 |
105 // Then check the current frame: | 115 // Then check the current frame: |
106 if (!isMixedContent(securityOrigin, url)) | 116 if (!isMixedContent(securityOrigin, url)) |
107 return true; | 117 return true; |
108 | 118 |
109 Settings* settings = m_frame->settings(); | 119 Settings* settings = m_frame->settings(); |
110 bool allowedPerSettings = settings && (settings->allowRunningOfInsecureConte
nt() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket())); | 120 bool allowedPerSettings = settings && (settings->allowRunningOfInsecureConte
nt() || ((type == WebSocket) && settings->allowConnectingInsecureWebSocket())); |
111 bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, sec
urityOrigin, url); | 121 bool allowed = client()->allowRunningInsecureContent(allowedPerSettings, sec
urityOrigin, url); |
112 logWarning(allowed, url, type); | 122 logWarning(allowed, url, type); |
113 | 123 |
114 if (allowed) | 124 if (allowed) |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
165 break; | 175 break; |
166 case Submission: | 176 case Submission: |
167 message.append("is submitting data to an insecure location at '" + targe
t.elidedString() + "': this content should also be submitted over HTTPS.\n"); | 177 message.append("is submitting data to an insecure location at '" + targe
t.elidedString() + "': this content should also be submitted over HTTPS.\n"); |
168 break; | 178 break; |
169 } | 179 } |
170 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; | 180 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; |
171 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag
eSource, messageLevel, message.toString())); | 181 m_frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessag
eSource, messageLevel, message.toString())); |
172 } | 182 } |
173 | 183 |
174 } // namespace blink | 184 } // namespace blink |
OLD | NEW |