
Side by Side Diff: Source/core/loader/MixedContentChecker.cpp

Issue 785133004: Mixed Content: Add use counters for content types. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years ago
1 /* 1 /*
2 * Copyright (C) 2012 Google Inc. All rights reserved. 2 * Copyright (C) 2012 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright 10 * 2. Redistributions in binary form must reproduce the above copyright
(...skipping 27 matching lines...) Expand all
38 #include "core/loader/FrameLoader.h" 38 #include "core/loader/FrameLoader.h"
39 #include "core/loader/FrameLoaderClient.h" 39 #include "core/loader/FrameLoaderClient.h"
40 #include "platform/RuntimeEnabledFeatures.h" 40 #include "platform/RuntimeEnabledFeatures.h"
41 #include "platform/weborigin/SchemeRegistry.h" 41 #include "platform/weborigin/SchemeRegistry.h"
42 #include "platform/weborigin/SecurityOrigin.h" 42 #include "platform/weborigin/SecurityOrigin.h"
43 #include "public/platform/Platform.h" 43 #include "public/platform/Platform.h"
44 #include "wtf/text/StringBuilder.h" 44 #include "wtf/text/StringBuilder.h"
45 45
46 namespace blink { 46 namespace blink {
47 47
48 namespace {
49 } // namespace
50
51 MixedContentChecker::MixedContentChecker(LocalFrame* frame) 48 MixedContentChecker::MixedContentChecker(LocalFrame* frame)
52 : m_frame(frame) 49 : m_frame(frame)
53 { 50 {
54 } 51 }
55 52
56 FrameLoaderClient* MixedContentChecker::client() const 53 FrameLoaderClient* MixedContentChecker::client() const
57 { 54 {
58 return m_frame->loader().client(); 55 return m_frame->loader().client();
59 } 56 }
60 57
(...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after
206 { 203 {
207 String message = String::format( 204 String message = String::format(
208 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an insecure %s '%s'. %s", 205 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an insecure %s '%s'. %s",
209 frame->document()->url().elidedString().utf8().data(), typeNameFromConte xt(requestContext), url.elidedString().utf8().data(), 206 frame->document()->url().elidedString().utf8().data(), typeNameFromConte xt(requestContext), url.elidedString().utf8().data(),
210 allowed ? "This content should also be served over HTTPS." : "This reque st has been blocked; the content must be served over HTTPS."); 207 allowed ? "This content should also be served over HTTPS." : "This reque st has been blocked; the content must be served over HTTPS.");
211 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l; 208 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve l;
212 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS ource, messageLevel, message)); 209 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS ource, messageLevel, message));
213 } 210 }
214 211
215 // static 212 // static
213 void MixedContentChecker::count(LocalFrame* frame, WebURLRequest::RequestContext requestContext)
214 {
215 UseCounter::count(frame, UseCounter::MixedContentPresent);
216
217 // Roll blockable content up into a single counter, count unblocked types in dividually so we
218 // can determine when they can be safely moved to the blockable category:
219 ContextType contextType = contextTypeFromContext(requestContext);
220 if (contextType == ContextTypeBlockable || contextType == ContextTypeBlockab leUnlessLax) {
221 UseCounter::count(frame, UseCounter::MixedContentBlockable);
222 return;
223 }
224
225 UseCounter::Feature feature;
226 switch (requestContext) {
227 case WebURLRequest::RequestContextAudio:
228 feature = UseCounter::MixedContentAudio;
229 break;
230 case WebURLRequest::RequestContextDownload:
231 feature = UseCounter::MixedContentDownload;
232 break;
233 case WebURLRequest::RequestContextFavicon:
234 feature = UseCounter::MixedContentFavicon;
235 break;
236 case WebURLRequest::RequestContextImage:
237 feature = UseCounter::MixedContentImage;
238 break;
239 case WebURLRequest::RequestContextInternal:
240 feature = UseCounter::MixedContentInternal;
241 break;
242 case WebURLRequest::RequestContextPlugin:
243 feature = UseCounter::MixedContentPlugin;
244 break;
245 case WebURLRequest::RequestContextPrefetch:
246 feature = UseCounter::MixedContentPrefetch;
247 break;
248 case WebURLRequest::RequestContextVideo:
249 feature = UseCounter::MixedContentVideo;
250 break;
251
252 default:
253 ASSERT_NOT_REACHED();
254 return;
255 }
256 UseCounter::count(frame, feature);
257 }
258
259 // static
216 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequ est& resourceRequest, const KURL& url, MixedContentChecker::ReportingStatus repo rtingStatus) 260 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequ est& resourceRequest, const KURL& url, MixedContentChecker::ReportingStatus repo rtingStatus)
217 { 261 {
218 // No frame, no mixed content: 262 // No frame, no mixed content:
219 if (!frame) 263 if (!frame)
220 return false; 264 return false;
221 265
222 // Check the top frame first. 266 // Check the top frame first.
223 if (Frame* top = frame->tree().top()) { 267 if (Frame* top = frame->tree().top()) {
224 // FIXME: We need a way to access the top-level frame's SecurityOrigin w hen that frame 268 // FIXME: We need a way to access the top-level frame's SecurityOrigin w hen that frame
225 // is in a different process from the current frame. Until that is done, we bail out 269 // is in a different process from the current frame. Until that is done, we bail out
226 // early and allow the load. 270 // early and allow the load.
227 if (!top->isLocalFrame()) 271 if (!top->isLocalFrame())
228 return false; 272 return false;
229 273
230 LocalFrame* localTop = toLocalFrame(top); 274 LocalFrame* localTop = toLocalFrame(top);
231 if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url , reportingStatus)) 275 if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url , reportingStatus))
232 return true; 276 return true;
233 } 277 }
234 278
235 // We only care about subresource loads; top-level navigations cannot be mix ed content. 279 // We only care about subresource loads; top-level navigations cannot be mix ed content.
236 if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel) 280 if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel)
237 return false; 281 return false;
238 282
239 // No mixed content, no problem. 283 // No mixed content, no problem.
240 if (!isMixedContent(frame->document()->securityOrigin(), url)) 284 if (!isMixedContent(frame->document()->securityOrigin(), url))
241 return false; 285 return false;
242 286
287 MixedContentChecker::count(frame, resourceRequest.requestContext());
288
243 Settings* settings = frame->settings(); 289 Settings* settings = frame->settings();
244 FrameLoaderClient* client = frame->loader().client(); 290 FrameLoaderClient* client = frame->loader().client();
245 SecurityOrigin* securityOrigin = frame->document()->securityOrigin(); 291 SecurityOrigin* securityOrigin = frame->document()->securityOrigin();
246 bool allowed = false; 292 bool allowed = false;
247 293
248 ContextType contextType = contextTypeFromContext(resourceRequest.requestCont ext()); 294 ContextType contextType = contextTypeFromContext(resourceRequest.requestCont ext());
249 if (contextType == ContextTypeBlockableUnlessLax) 295 if (contextType == ContextTypeBlockableUnlessLax)
250 contextType = RuntimeEnabledFeatures::laxMixedContentCheckingEnabled() ? ContextTypeOptionallyBlockable : ContextTypeBlockable; 296 contextType = RuntimeEnabledFeatures::laxMixedContentCheckingEnabled() ? ContextTypeOptionallyBlockable : ContextTypeBlockable;
251 297
252 // If we're loading the main resource of a subframe, we need to take a close look at the loaded URL. 298 // If we're loading the main resource of a subframe, we need to take a close look at the loaded URL.
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
416 if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::curre nt()->isReservedIPAddress(documentIP)) 462 if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::curre nt()->isReservedIPAddress(documentIP))
417 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost nameInPublicHostname); 463 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost nameInPublicHostname);
418 } 464 }
419 465
420 void MixedContentChecker::trace(Visitor* visitor) 466 void MixedContentChecker::trace(Visitor* visitor)
421 { 467 {
422 visitor->trace(m_frame); 468 visitor->trace(m_frame);
423 } 469 }
424 470
425 } // namespace blink 471 } // namespace blink
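Review bot: In the new `MixedContentChecker::count` (new lines 219-223), `ContextTypeBlockableUnlessLax` is always rolled into `UseCounter::MixedContentBlockable`, while `shouldBlockFetch` (new lines 295-296) downgrades that same type to `ContextTypeOptionallyBlockable` when `laxMixedContentCheckingEnabled()` is set. Under the lax flag the blockable counter would therefore include loads that the checker did not treat as blockable, which skews the data meant to decide when a type can safely move to the blockable category. If that is intended, say so at the roll-up, e.g. `// BlockableUnlessLax is counted as blockable even when lax checking is enabled.`; otherwise resolve the lax case before counting. The call at new line 287 also runs before `reportingStatus` is consulted in the visible lines, so it is worth confirming whether calls that suppress reporting (if any exist) should bump the counters. The rest of `shouldBlockFetch` lies in lines the page skips.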