Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(475)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/loader/MixedContentChecker.h

Issue 638253002: Revert "Mixed Content: Use a static method to check form actions." (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/html/parser/HTMLResourcePreloader.cpp ('k') | Source/core/loader/MixedContentChecker.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2012 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 14 matching lines...) Expand all
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #ifndef MixedContentChecker_h 31 #ifndef MixedContentChecker_h
32 #define MixedContentChecker_h 32 #define MixedContentChecker_h
33 33
34 #include "platform/heap/Handle.h" 34 #include "platform/heap/Handle.h"
35 #include "platform/network/ResourceRequest.h"
36 #include "public/platform/WebURLRequest.h" 35 #include "public/platform/WebURLRequest.h"
37 #include "wtf/text/WTFString.h" 36 #include "wtf/text/WTFString.h"
38 37
39 namespace blink { 38 namespace blink {
40 39
41 class FrameLoaderClient; 40 class FrameLoaderClient;
42 class LocalFrame; 41 class LocalFrame;
43 class KURL; 42 class KURL;
44 class SecurityOrigin; 43 class SecurityOrigin;
45 44
46 class MixedContentChecker final { 45 class MixedContentChecker final {
47 WTF_MAKE_NONCOPYABLE(MixedContentChecker); 46 WTF_MAKE_NONCOPYABLE(MixedContentChecker);
48 DISALLOW_ALLOCATION(); 47 DISALLOW_ALLOCATION();
49 public: 48 public:
50 explicit MixedContentChecker(LocalFrame*); 49 explicit MixedContentChecker(LocalFrame*);
51 50
52 static bool shouldBlockFetch(LocalFrame* frame, const ResourceRequest& reque st, const KURL& url) 51 static bool shouldBlockFetch(LocalFrame*, const ResourceRequest&, const KURL &);
53 {
54 return shouldBlockFetch(frame, request.requestContext(), request.frameTy pe(), url);
55 }
56 static bool shouldBlockFetch(LocalFrame*, WebURLRequest::RequestContext, Web URLRequest::FrameType, const KURL&);
57 static bool checkFormAction(LocalFrame*, const KURL&);
58 52
59 bool canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& u rl) const 53 bool canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& u rl) const
60 { 54 {
61 return canDisplayInsecureContentInternal(securityOrigin, url, MixedConte ntChecker::Display); 55 return canDisplayInsecureContentInternal(securityOrigin, url, MixedConte ntChecker::Display);
62 } 56 }
63 57
64 bool canRunInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const 58 bool canRunInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const
65 { 59 {
66 return canRunInsecureContentInternal(securityOrigin, url, MixedContentCh ecker::Execution); 60 return canRunInsecureContentInternal(securityOrigin, url, MixedContentCh ecker::Execution);
67 } 61 }
68 62
63 bool canSubmitToInsecureForm(SecurityOrigin*, const KURL&) const;
69 bool canConnectInsecureWebSocket(SecurityOrigin*, const KURL&) const; 64 bool canConnectInsecureWebSocket(SecurityOrigin*, const KURL&) const;
70 bool canFrameInsecureContent(SecurityOrigin*, const KURL&) const; 65 bool canFrameInsecureContent(SecurityOrigin*, const KURL&) const;
71 static bool isMixedContent(SecurityOrigin*, const KURL&); 66 static bool isMixedContent(SecurityOrigin*, const KURL&);
72 67
73 static void checkMixedPrivatePublic(LocalFrame*, const AtomicString& resourc eIPAddress); 68 static void checkMixedPrivatePublic(LocalFrame*, const AtomicString& resourc eIPAddress);
74 69
75 void trace(Visitor*); 70 void trace(Visitor*);
76 71
77 private: 72 private:
78 enum MixedContentType { 73 enum MixedContentType {
79 Display, 74 Display,
80 Execution, 75 Execution,
81 WebSocket, 76 WebSocket,
82 Submission 77 Submission
83 }; 78 };
84 79
85 enum ContextType { 80 enum ContextType {
86 ContextTypeBlockable, 81 ContextTypeBlockable,
87 ContextTypeOptionallyBlockable, 82 ContextTypeOptionallyBlockable,
88 ContextTypeShouldBeBlockable, 83 ContextTypeShouldBeBlockable,
89 ContextTypeBlockableUnlessLax 84 ContextTypeBlockableUnlessLax
90 }; 85 };
91 86
92 static LocalFrame* inWhichFrameIsThisContentMixed(LocalFrame*, WebURLRequest ::RequestContext, WebURLRequest::FrameType, const KURL&);
93
94 static ContextType contextTypeFromContext(WebURLRequest::RequestContext); 87 static ContextType contextTypeFromContext(WebURLRequest::RequestContext);
95 static const char* typeNameFromContext(WebURLRequest::RequestContext); 88 static const char* typeNameFromContext(WebURLRequest::RequestContext);
96 static void logToConsole(LocalFrame*, const KURL&, WebURLRequest::RequestCon text, bool allowed); 89 static void logToConsole(LocalFrame*, const KURL&, WebURLRequest::RequestCon text, bool allowed);
97 90
98 // FIXME: This should probably have a separate client from FrameLoader. 91 // FIXME: This should probably have a separate client from FrameLoader.
99 FrameLoaderClient* client() const; 92 FrameLoaderClient* client() const;
100 93
101 bool canDisplayInsecureContentInternal(SecurityOrigin*, const KURL&, const M ixedContentType) const; 94 bool canDisplayInsecureContentInternal(SecurityOrigin*, const KURL&, const M ixedContentType) const;
102 95
103 bool canRunInsecureContentInternal(SecurityOrigin*, const KURL&, const Mixed ContentType) const; 96 bool canRunInsecureContentInternal(SecurityOrigin*, const KURL&, const Mixed ContentType) const;
104 97
105 void logWarning(bool allowed, const KURL& i, const MixedContentType) const; 98 void logWarning(bool allowed, const KURL& i, const MixedContentType) const;
106 99
107 RawPtrWillBeMember<LocalFrame> m_frame; 100 RawPtrWillBeMember<LocalFrame> m_frame;
108 }; 101 };
109 102
110 } // namespace blink 103 } // namespace blink
111 104
112 #endif // MixedContentChecker_h 105 #endif // MixedContentChecker_h
OLDNEW
« no previous file with comments | « Source/core/html/parser/HTMLResourcePreloader.cpp ('k') | Source/core/loader/MixedContentChecker.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698