Revert "Mixed Content: Use a static method to check form actions."

Source/core/loader/MixedContentChecker.cpp

 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 194 matching lines @@
 void MixedContentChecker::logToConsole(LocalFrame* frame, const KURL& url, WebURLRequest::RequestContext requestContext, bool allowed)
 {
     String message = String::format(
         "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an insecure %s '%s'. %s",
         frame->document()->url().elidedString().utf8().data(), typeNameFromContext(requestContext), url.elidedString().utf8().data(),
         allowed ? "This content should also be served over HTTPS." : "This request has been blocked; the content must be served over HTTPS.");
     MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel;
     frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, messageLevel, message));
 }
 
-LocalFrame* MixedContentChecker::inWhichFrameIsThisContentMixed(LocalFrame* frame, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url)
+// static
+bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequest& resourceRequest, const KURL& url)
 {
     // No frame, no mixed content:
     if (!frame)
-        return nullptr;
-
-    // We only care about subresource loads; top-level navigations cannot be mixed content.
-    if (frameType == WebURLRequest::FrameTypeTopLevel)
-        return nullptr;
+        return false;
 
     // Check the top frame first.
     if (Frame* top = frame->tree().top()) {
         // FIXME: We need a way to access the top-level frame's SecurityOrigin when that frame
         // is in a different process from the current frame. Until that is done, we bail out
         // early and allow the load.
         if (!top->isLocalFrame())
-            return nullptr;
+            return false;
 
         LocalFrame* localTop = toLocalFrame(top);
-        if (frame != localTop && inWhichFrameIsThisContentMixed(localTop, requestContext, frameType, url))
-            return localTop;
+        if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url))
+            return true;
     }
 
-    // Just count these for the moment, don't block them.
-    if (Platform::current()->isReservedIPAddress(url) && !Platform::current()->isReservedIPAddress(KURL(ParsedURLString, frame->document()->securityOrigin()->toString())))
-        UseCounter::count(frame->document(), contextTypeFromContext(requestContext) == ContextTypeBlockable ? UseCounter::MixedContentPrivateIPInPublicWebsiteActive : UseCounter::MixedContentPrivateIPInPublicWebsitePassive);
+    // We only care about subresource loads; top-level navigations cannot be mixed content.
+    if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel)
+        return false;
 
     // No mixed content, no problem.
     if (!isMixedContent(frame->document()->securityOrigin(), url))
-        return nullptr;
-
-    return frame;
-}
-
-// static
-bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url)
-{
-    LocalFrame* effectiveFrame = inWhichFrameIsThisContentMixed(frame, requestContext, frameType, url);
-    if (!effectiveFrame)
         return false;
 
-    // We grab the settings and client from the frame in which the content was mixed, as it might be
-    // configured to allow mixed content in a different way than the frame in which the content
-    // loads (e.g. if Frame A is allowed to frame an insecure Frame B, we defer to Frame A's settings
-    // when evaluating Frame B's subresource loads). Yes, this is confusing.
-    Settings* settings = effectiveFrame->settings();
-    FrameLoaderClient* client = effectiveFrame->loader().client();
-    SecurityOrigin* securityOrigin = effectiveFrame->document()->securityOrigin();
+    Settings* settings = frame->settings();
+    FrameLoaderClient* client = frame->loader().client();
+    SecurityOrigin* securityOrigin = frame->document()->securityOrigin();
     bool allowed = false;
 
-    ContextType contextType = contextTypeFromContext(requestContext);
+    ContextType contextType = contextTypeFromContext(resourceRequest.requestContext());
     if (contextType == ContextTypeBlockableUnlessLax)
         contextType = RuntimeEnabledFeatures::laxMixedContentCheckingEnabled() ? ContextTypeOptionallyBlockable : ContextTypeBlockable;
 
     switch (contextType) {
     case ContextTypeOptionallyBlockable:
         allowed = client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
         if (allowed)
             client->didDisplayInsecureContent();
         break;
 
     case ContextTypeBlockable:
         allowed = client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), securityOrigin, url);
         if (allowed)
             client->didRunInsecureContent(securityOrigin, url);
         break;
 
     case ContextTypeShouldBeBlockable:
         return false;
 
     case ContextTypeBlockableUnlessLax:
         // We map this to either OptionallyBlockable or Blockable above.
         ASSERT_NOT_REACHED();
         return true;
     };
 
-    // While we use the |effectiveFrame| to grab the settings object, we log the console error in
-    // |frame|, where the violation actually happened.
-    String message = String::format(
-        "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an insecure %s '%s'. %s",
-        frame->document()->url().elidedString().utf8().data(), typeNameFromContext(requestContext), url.elidedString().utf8().data(),
-        allowed ? "This content should also be served over HTTPS." : "This request has been blocked; the content must be served over HTTPS.");
-    MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel;
-    frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, messageLevel, message));
-
+    logToConsole(frame, url, resourceRequest.requestContext(), allowed);
     return !allowed;
 }
 
-// static
-bool MixedContentChecker::checkFormAction(LocalFrame* frame, const KURL& url)
-{
-    // For whatever reason, some folks handle forms via JavaScript, and submit to `javascript:void(0)`
-    // rather than calling `preventDefault()`. We special-case `javascript:` URLs here, as they don't
-    // introduce MixedContent for form submissions.
-    if (url.protocolIs("javascript"))
-        return false;
-
-    // If lax mixed content checking is enabled (noooo!), skip this check entirely.
-    if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled())
-        return false;
-
-    LocalFrame* effectiveFrame = inWhichFrameIsThisContentMixed(frame, WebURLRequest::RequestContextForm, WebURLRequest::FrameTypeNone, url);
-    if (!effectiveFrame)
-        return false;
-
-    // No "allowed" check here; we're not yet exposing anything which would block form submission.
-    FrameLoaderClient* client = effectiveFrame->loader().client();
-    client->didDisplayInsecureContent();
-
-    String message = String::format(
-        "Mixed Content: The page at '%s' was loaded over HTTPS, but contains a form whose 'action' attribute is '%s'. This form should not submit data to insecure endpoints.",
-        effectiveFrame->document()->url().elidedString().utf8().data(), url.elidedString().utf8().data());
-    effectiveFrame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, WarningMessageLevel, message));
-    return true;
-}
-
 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const
 {
     // Check the top frame if it differs from MixedContentChecker's m_frame.
     if (!m_frame->tree().top()->isLocalFrame()) {
         // FIXME: We need a way to access the top-level frame's MixedContentChecker when that frame
         // is in a different process from the current frame. Until that is done, we always allow
         // loads in remote frames.
         return false;
     }
     Frame* top = m_frame->tree().top();
@@ skipping 62 matching lines @@
     return canDisplayInsecureContentInternal(securityOrigin, url, MixedContentChecker::Display);
 }
 
 bool MixedContentChecker::canConnectInsecureWebSocket(SecurityOrigin* securityOrigin, const KURL& url) const
 {
     if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled())
         return canDisplayInsecureContentInternal(securityOrigin, url, MixedContentChecker::WebSocket);
     return canRunInsecureContentInternal(securityOrigin, url, MixedContentChecker::WebSocket);
 }
 
+bool MixedContentChecker::canSubmitToInsecureForm(SecurityOrigin* securityOrigin, const KURL& url) const
+{
+    // For whatever reason, some folks handle forms via JavaScript, and submit to `javascript:void(0)`
+    // rather than calling `preventDefault()`. We special-case `javascript:` URLs here, as they don't
+    // introduce MixedContent for form submissions.
+    if (url.protocolIs("javascript"))
+        return true;
+
+    // If lax mixed content checking is enabled (noooo!), skip this check entirely.
+    if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled())
+        return true;
+    return canDisplayInsecureContentInternal(securityOrigin, url, MixedContentChecker::Submission);
+}
+
 void MixedContentChecker::logWarning(bool allowed, const KURL& target, const MixedContentType type) const
 {
     StringBuilder message;
     message.append((allowed ? "" : "[blocked] "));
     message.append("The page at '" + m_frame->document()->url().elidedString() + "' was loaded over HTTPS, but ");
     switch (type) {
     case Display:
         message.append("displayed insecure content from '" + target.elidedString() + "': this content should also be loaded over HTTPS.\n");
         break;
     case Execution:
@@ skipping 22 matching lines @@
     if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::current()->isReservedIPAddress(documentIP))
         UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHostnameInPublicHostname);
 }
 
 void MixedContentChecker::trace(Visitor* visitor)
 {
     visitor->trace(m_frame);
 }
 
 } // namespace blink