OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2012 Google Inc. All rights reserved. | 2 * Copyright (C) 2012 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions | 5 * modification, are permitted provided that the following conditions |
6 * are met: | 6 * are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 27 matching lines...)
38 #include "core/loader/FrameLoader.h" | 38 #include "core/loader/FrameLoader.h" |
39 #include "core/loader/FrameLoaderClient.h" | 39 #include "core/loader/FrameLoaderClient.h" |
40 #include "platform/RuntimeEnabledFeatures.h" | 40 #include "platform/RuntimeEnabledFeatures.h" |
41 #include "platform/weborigin/SchemeRegistry.h" | 41 #include "platform/weborigin/SchemeRegistry.h" |
42 #include "platform/weborigin/SecurityOrigin.h" | 42 #include "platform/weborigin/SecurityOrigin.h" |
43 #include "public/platform/Platform.h" | 43 #include "public/platform/Platform.h" |
44 #include "wtf/text/StringBuilder.h" | 44 #include "wtf/text/StringBuilder.h" |
45 | 45 |
46 namespace blink { | 46 namespace blink { |
47 | 47 |
48 namespace { | |
49 } // namespace | |
50 | |
51 MixedContentChecker::MixedContentChecker(LocalFrame* frame) | 48 MixedContentChecker::MixedContentChecker(LocalFrame* frame) |
52 : m_frame(frame) | 49 : m_frame(frame) |
53 { | 50 { |
54 } | 51 } |
55 | 52 |
56 FrameLoaderClient* MixedContentChecker::client() const | 53 FrameLoaderClient* MixedContentChecker::client() const |
57 { | 54 { |
58 return m_frame->loader().client(); | 55 return m_frame->loader().client(); |
59 } | 56 } |
60 | 57 |
(...skipping 145 matching lines...)
206 { | 203 { |
207 String message = String::format( | 204 String message = String::format( |
208 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an
insecure %s '%s'. %s", | 205 "Mixed Content: The page at '%s' was loaded over HTTPS, but requested an
insecure %s '%s'. %s", |
209 frame->document()->url().elidedString().utf8().data(), typeNameFromConte
xt(requestContext), url.elidedString().utf8().data(), | 206 frame->document()->url().elidedString().utf8().data(), typeNameFromConte
xt(requestContext), url.elidedString().utf8().data(), |
210 allowed ? "This content should also be served over HTTPS." : "This reque
st has been blocked; the content must be served over HTTPS."); | 207 allowed ? "This content should also be served over HTTPS." : "This reque
st has been blocked; the content must be served over HTTPS."); |
211 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; | 208 MessageLevel messageLevel = allowed ? WarningMessageLevel : ErrorMessageLeve
l; |
212 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS
ource, messageLevel, message)); | 209 frame->document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageS
ource, messageLevel, message)); |
213 } | 210 } |
214 | 211 |
215 // static | 212 // static |
| 213 void MixedContentChecker::count(LocalFrame* frame, WebURLRequest::RequestContext
requestContext) |
| 214 { |
| 215 UseCounter::count(frame, UseCounter::MixedContentPresent); |
| 216 |
| 217 // Roll blockable content up into a single counter, count unblocked types in
dividually so we |
| 218 // can determine when they can be safely moved to the blockable category: |
| 219 ContextType contextType = contextTypeFromContext(requestContext); |
| 220 if (contextType == ContextTypeBlockable || contextType == ContextTypeBlockab
leUnlessLax) { |
| 221 UseCounter::count(frame, UseCounter::MixedContentBlockable); |
| 222 return; |
| 223 } |
| 224 |
| 225 UseCounter::Feature feature; |
| 226 switch (requestContext) { |
| 227 case WebURLRequest::RequestContextAudio: |
| 228 feature = UseCounter::MixedContentAudio; |
| 229 break; |
| 230 case WebURLRequest::RequestContextDownload: |
| 231 feature = UseCounter::MixedContentDownload; |
| 232 break; |
| 233 case WebURLRequest::RequestContextFavicon: |
| 234 feature = UseCounter::MixedContentFavicon; |
| 235 break; |
| 236 case WebURLRequest::RequestContextImage: |
| 237 feature = UseCounter::MixedContentImage; |
| 238 break; |
| 239 case WebURLRequest::RequestContextInternal: |
| 240 feature = UseCounter::MixedContentInternal; |
| 241 break; |
| 242 case WebURLRequest::RequestContextPlugin: |
| 243 feature = UseCounter::MixedContentPlugin; |
| 244 break; |
| 245 case WebURLRequest::RequestContextPrefetch: |
| 246 feature = UseCounter::MixedContentPrefetch; |
| 247 break; |
| 248 case WebURLRequest::RequestContextVideo: |
| 249 feature = UseCounter::MixedContentVideo; |
| 250 break; |
| 251 |
| 252 default: |
| 253 ASSERT_NOT_REACHED(); |
| 254 return; |
| 255 } |
| 256 UseCounter::count(frame, feature); |
| 257 } |
| 258 |
| 259 // static |
216 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequ
est& resourceRequest, const KURL& url, MixedContentChecker::ReportingStatus repo
rtingStatus) | 260 bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, const ResourceRequ
est& resourceRequest, const KURL& url, MixedContentChecker::ReportingStatus repo
rtingStatus) |
217 { | 261 { |
218 // No frame, no mixed content: | 262 // No frame, no mixed content: |
219 if (!frame) | 263 if (!frame) |
220 return false; | 264 return false; |
221 | 265 |
222 // Check the top frame first. | 266 // Check the top frame first. |
223 if (Frame* top = frame->tree().top()) { | 267 if (Frame* top = frame->tree().top()) { |
224 // FIXME: We need a way to access the top-level frame's SecurityOrigin w
hen that frame | 268 // FIXME: We need a way to access the top-level frame's SecurityOrigin w
hen that frame |
225 // is in a different process from the current frame. Until that is done,
we bail out | 269 // is in a different process from the current frame. Until that is done,
we bail out |
226 // early and allow the load. | 270 // early and allow the load. |
227 if (!top->isLocalFrame()) | 271 if (!top->isLocalFrame()) |
228 return false; | 272 return false; |
229 | 273 |
230 LocalFrame* localTop = toLocalFrame(top); | 274 LocalFrame* localTop = toLocalFrame(top); |
231 if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url
, reportingStatus)) | 275 if (frame != localTop && shouldBlockFetch(localTop, resourceRequest, url
, reportingStatus)) |
232 return true; | 276 return true; |
233 } | 277 } |
234 | 278 |
235 // We only care about subresource loads; top-level navigations cannot be mix
ed content. | 279 // We only care about subresource loads; top-level navigations cannot be mix
ed content. |
236 if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel) | 280 if (resourceRequest.frameType() == WebURLRequest::FrameTypeTopLevel) |
237 return false; | 281 return false; |
238 | 282 |
239 // No mixed content, no problem. | 283 // No mixed content, no problem. |
240 if (!isMixedContent(frame->document()->securityOrigin(), url)) | 284 if (!isMixedContent(frame->document()->securityOrigin(), url)) |
241 return false; | 285 return false; |
242 | 286 |
| 287 MixedContentChecker::count(frame, resourceRequest.requestContext()); |
| 288 |
243 Settings* settings = frame->settings(); | 289 Settings* settings = frame->settings(); |
244 FrameLoaderClient* client = frame->loader().client(); | 290 FrameLoaderClient* client = frame->loader().client(); |
245 SecurityOrigin* securityOrigin = frame->document()->securityOrigin(); | 291 SecurityOrigin* securityOrigin = frame->document()->securityOrigin(); |
246 bool allowed = false; | 292 bool allowed = false; |
247 | 293 |
248 ContextType contextType = contextTypeFromContext(resourceRequest.requestCont
ext()); | 294 ContextType contextType = contextTypeFromContext(resourceRequest.requestCont
ext()); |
249 if (contextType == ContextTypeBlockableUnlessLax) | 295 if (contextType == ContextTypeBlockableUnlessLax) |
250 contextType = RuntimeEnabledFeatures::laxMixedContentCheckingEnabled() ?
ContextTypeOptionallyBlockable : ContextTypeBlockable; | 296 contextType = RuntimeEnabledFeatures::laxMixedContentCheckingEnabled() ?
ContextTypeOptionallyBlockable : ContextTypeBlockable; |
251 | 297 |
252 // If we're loading the main resource of a subframe, we need to take a close
look at the loaded URL. | 298 // If we're loading the main resource of a subframe, we need to take a close
look at the loaded URL. |
(...skipping 163 matching lines...)
416 if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::curre
nt()->isReservedIPAddress(documentIP)) | 462 if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::curre
nt()->isReservedIPAddress(documentIP)) |
417 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost
nameInPublicHostname); | 463 UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHost
nameInPublicHostname); |
418 } | 464 } |
419 | 465 |
420 void MixedContentChecker::trace(Visitor* visitor) | 466 void MixedContentChecker::trace(Visitor* visitor) |
421 { | 467 { |
422 visitor->trace(m_frame); | 468 visitor->trace(m_frame); |
423 } | 469 } |
424 | 470 |
425 } // namespace blink | 471 } // namespace blink |
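Review bot: The new `MixedContentChecker::count(frame, resourceRequest.requestContext());` call in `shouldBlockFetch` (new line 287) runs regardless of `reportingStatus`, so a check made with reporting suppressed would still feed the MixedContent* counters that the comment in `count()` says will decide when a type can be moved to the blockable category. If that is not intended, gate it with `if (reportingStatus == SendReport)` in front of the call. The call also sits after the `!top->isLocalFrame()` early return, so mixed content in a frame under a remote top frame is never counted, which is worth stating in a comment next to the call. In `count()` the `default: ASSERT_NOT_REACHED(); return;` arm means a request context that `contextTypeFromContext` no longer classifies as blockable is left uncounted wherever the assertion is compiled out; a comment above the switch such as `// Keep in sync with contextTypeFromContext(): every non-blockable context needs its own counter here.` would make that coupling explicit. The remainder of `shouldBlockFetch` is outside the visible lines, so how `reportingStatus` is honoured further down is not confirmed here.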