Revert "Mixed Content: Use a static method to check form actions."

Source/core/loader/MixedContentChecker.cpp

Index: Source/core/loader/MixedContentChecker.cpp
diff --git a/Source/core/loader/MixedContentChecker.cpp b/Source/core/loader/MixedContentChecker.cpp
index e79d2045e3aca03ab3d7d59e9f6e7f18cea582f6..62bbf611caafdbd91447449200f2bac0563471ad 100644
--- a/Source/core/loader/MixedContentChecker.cpp
+++ b/Source/core/loader/MixedContentChecker.cpp
@@ -212,15 +212,12 @@ void MixedContentChecker::logToConsole(LocalFrame* frame, const KURL& url, WebUR
     frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, messageLevel, message));
 }
 
-LocalFrame* MixedContentChecker::inWhichFrameIsThisContentMixed(LocalFrame* frame, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url)
+// static
+bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequest& resourceRequest, const KURL& url)
 {
     // No frame, no mixed content:
     if (!frame)
-        return nullptr;
-
-    // We only care about subresource loads; top-level navigations cannot be mixed content.
-    if (frameType == WebURLRequest::FrameTypeTopLevel)
-        return nullptr;
+        return false;
 
     // Check the top frame first.
     if (Frame* top = frame->tree().top()) {
@@ -228,41 +225,27 @@ LocalFrame* MixedContentChecker::inWhichFrameIsThisContentMixed(LocalFrame* fram
         // is in a different process from the current frame. Until that is done, we bail out
         // early and allow the load.
         if (!top->isLocalFrame())
-            return nullptr;
+            return false;
 
         LocalFrame* localTop = toLocalFrame(top);
-        if (frame != localTop && inWhichFrameIsThisContentMixed(localTop, requestContext, frameType, url))
-            return localTop;
+        if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url))
+            return true;
     }
 
-    // Just count these for the moment, don't block them.
-    if (Platform::current()->isReservedIPAddress(url) && !Platform::current()->isReservedIPAddress(KURL(ParsedURLString, frame->document()->securityOrigin()->toString())))
-        UseCounter::count(frame->document(), contextTypeFromContext(requestContext) == ContextTypeBlockable ? UseCounter::MixedContentPrivateIPInPublicWebsiteActive : UseCounter::MixedContentPrivateIPInPublicWebsitePassive);
+    // We only care about subresource loads; top-level navigations cannot be mixed content.
+    if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel)
+        return false;
 
     // No mixed content, no problem.
     if (!isMixedContent(frame->document()->securityOrigin(), url))
-        return nullptr;
-
-    return frame;
-}
-
-// static
-bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url)
-{
-    LocalFrame* effectiveFrame = inWhichFrameIsThisContentMixed(frame, requestContext, frameType, url);
-    if (!effectiveFrame)
         return false;
 
-    // We grab the settings and client from the frame in which the content was mixed, as it might be
-    // configured to allow mixed content in a different way than the frame in which the content
-    // loads (e.g. if Frame A is allowed to frame an insecure Frame B, we defer to Frame A's settings
-    // when evaluating Frame B's subresource loads). Yes, this is confusing.
-    Settings* settings = effectiveFrame->settings();
-    FrameLoaderClient* client = effectiveFrame->loader().client();
-    SecurityOrigin* securityOrigin = effectiveFrame->document()->securityOrigin();
+    Settings* settings = frame->settings();
+    FrameLoaderClient* client = frame->loader().client();
+    SecurityOrigin* securityOrigin = frame->document()->securityOrigin();
     bool allowed = false;
 
-    ContextType contextType = contextTypeFromContext(requestContext);
+    ContextType contextType = contextTypeFromContext(resourceRequest.requestContext());
     if (contextType == ContextTypeBlockableUnlessLax)
         contextType = RuntimeEnabledFeatures::laxMixedContentCheckingEnabled() ? ContextTypeOptionallyBlockable : ContextTypeBlockable;
 
@@ -288,46 +271,10 @@ bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::Req
         return true;
     };
 
-    // While we use the |effectiveFrame| to grab the settings object, we log the console error in
-    // |frame|, where the violation actually happened.
-    String message = String::format(
-        "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an insecure %s '%s'. %s",
-        frame->document()->url().elidedString().utf8().data(), typeNameFromContext(requestContext), url.elidedString().utf8().data(),
-        allowed ? "This content should also be served over HTTPS." : "This request has been blocked; the content must be served over HTTPS.");
-    MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLevel;
-    frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, messageLevel, message));
-
+    logToConsole(frame, url, resourceRequest.requestContext(), allowed);
     return !allowed;
 }
 
-// static
-bool MixedContentChecker::checkFormAction(LocalFrame* frame, const KURL& url)
-{
-    // For whatever reason, some folks handle forms via JavaScript, and submit to `javascript:void(0)`
-    // rather than calling `preventDefault()`. We special-case `javascript:` URLs here, as they don't
-    // introduce MixedContent for form submissions.
-    if (url.protocolIs("javascript"))
-        return false;
-
-    // If lax mixed content checking is enabled (noooo!), skip this check entirely.
-    if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled())
-        return false;
-
-    LocalFrame* effectiveFrame = inWhichFrameIsThisContentMixed(frame, WebURLRequest::RequestContextForm, WebURLRequest::FrameTypeNone, url);
-    if (!effectiveFrame)
-        return false;
-
-    // No "allowed" check here; we're not yet exposing anything which would block form submission.
-    FrameLoaderClient* client = effectiveFrame->loader().client();
-    client->didDisplayInsecureContent();
-
-    String message = String::format(
-        "Mixed Content: The page at '%s' was loaded over HTTPS, but contains a form whose 'action' attribute is '%s'. This form should not submit data to insecure endpoints.",
-        effectiveFrame->document()->url().elidedString().utf8().data(), url.elidedString().utf8().data());
-    effectiveFrame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, WarningMessageLevel, message));
-    return true;
-}
-
 bool MixedContentChecker::canDisplayInsecureContentInternal(SecurityOrigin* securityOrigin, const KURL& url, const MixedContentType type) const
 {
     // Check the top frame if it differs from MixedContentChecker's m_frame.
@@ -410,6 +357,20 @@ bool MixedContentChecker::canConnectInsecureWebSocket(SecurityOrigin* securityOr
     return canRunInsecureContentInternal(securityOrigin, url, MixedContentChecker::WebSocket);
 }
 
+bool MixedContentChecker::canSubmitToInsecureForm(SecurityOrigin* securityOrigin, const KURL& url) const
+{
+    // For whatever reason, some folks handle forms via JavaScript, and submit to `javascript:void(0)`
+    // rather than calling `preventDefault()`. We special-case `javascript:` URLs here, as they don't
+    // introduce MixedContent for form submissions.
+    if (url.protocolIs("javascript"))
+        return true;
+
+    // If lax mixed content checking is enabled (noooo!), skip this check entirely.
+    if (RuntimeEnabledFeatures::laxMixedContentCheckingEnabled())
+        return true;
+    return canDisplayInsecureContentInternal(securityOrigin, url, MixedContentChecker::Submission);
+}
+
 void MixedContentChecker::logWarning(bool allowed, const KURL& target, const MixedContentType type) const
 {
     StringBuilder message;