OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 16 matching lines...) Expand all Loading... | |
27 */ | 27 */ |
28 | 28 |
29 #include "config.h" | 29 #include "config.h" |
30 #include "core/loader/MixedContentChecker.h" | 30 #include "core/loader/MixedContentChecker.h" |
31 | 31 |
32 #include "core/dom/Document.h" | 32 #include "core/dom/Document.h" |
33 #include "core/frame/LocalFrame.h" | 33 #include "core/frame/LocalFrame.h" |
34 #include "core/frame/Settings.h" | 34 #include "core/frame/Settings.h" |
35 #include "core/frame/UseCounter.h" | 35 #include "core/frame/UseCounter.h" |
36 #include "core/inspector/ConsoleMessage.h" | 36 #include "core/inspector/ConsoleMessage.h" |
37 #include "core/loader/DocumentLoader.h" | |
37 #include "core/loader/FrameLoader.h" | 38 #include "core/loader/FrameLoader.h" |
38 #include "core/loader/FrameLoaderClient.h" | 39 #include "core/loader/FrameLoaderClient.h" |
39 #include "platform/RuntimeEnabledFeatures.h" | 40 #include "platform/RuntimeEnabledFeatures.h" |
40 #include "platform/weborigin/SchemeRegistry.h" | 41 #include "platform/weborigin/SchemeRegistry.h" |
41 #include "platform/weborigin/SecurityOrigin.h" | 42 #include "platform/weborigin/SecurityOrigin.h" |
42 #include "public/platform/Platform.h" | 43 #include "public/platform/Platform.h" |
43 #include "wtf/text/StringBuilder.h" | 44 #include "wtf/text/StringBuilder.h" |
44 | 45 |
45 namespace blink { | 46 namespace blink { |
46 | 47 |
(...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
337 FrameLoaderClient* client = effectiveFrame->loader().client(); | 338 FrameLoaderClient* client = effectiveFrame->loader().client(); |
338 client->didDisplayInsecureContent(); | 339 client->didDisplayInsecureContent(); |
339 | 340 |
340 String message = String::format( | 341 String message = String::format( |
341 "Mixed Content: The page at '%s' was loaded over HTTPS, but contains a f orm whose 'action' attribute is '%s'. This form should not submit data to insecu re endpoints.", | 342 "Mixed Content: The page at '%s' was loaded over HTTPS, but contains a f orm whose 'action' attribute is '%s'. This form should not submit data to insecu re endpoints.", |
342 effectiveFrame->document()->url().elidedString().utf8().data(), url.elid edString().utf8().data()); | 343 effectiveFrame->document()->url().elidedString().utf8().data(), url.elid edString().utf8().data()); |
343 effectiveFrame->document()->addConsoleMessage(ConsoleMessage::create(Securit yMessageSource, WarningMessageLevel, message)); | 344 effectiveFrame->document()->addConsoleMessage(ConsoleMessage::create(Securit yMessageSource, WarningMessageLevel, message)); |
344 return true; | 345 return true; |
345 } | 346 } |
346 | 347 |
348 bool MixedContentChecker::checkMixedPrivatePublic(LocalFrame* frame, const Atomi cString& resourceIPAddress) | |
cbentzel
2014/09/12 15:41:10
return bool is not being used.
Probably want to e
Mike West
2014/09/13 04:04:33
Dropped the bool. If/when we decide to start block
| |
349 { | |
350 if (!frame || !frame->document() || !frame->document()->loader()) | |
351 return false; | |
352 | |
353 KURL documentIP(ParsedURLString, "http://" + frame->document()->loader()->re sponse().remoteIPAddress()); | |
354 KURL resourceIP(ParsedURLString, "http://" + resourceIPAddress); | |
355 | |
356 // Just count these for the moment, don't block them. | |
357 // | |
358 // FIXME: Once we know how we want to check this, adjust the platform APIs t o avoid the KURL construction. | |
359 if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::curre nt()->isReservedIPAddress(documentIP)) { | |
360 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost nameInPublicHostname); | |
361 return true; | |
362 } | |
363 return false; | |
364 } | |
365 | |
347 } // namespace blink | 366 } // namespace blink |
OLD | NEW |