Mixed Content: Implement strict mode.

Source/core/loader/MixedContentChecker.cpp

 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 273 matching lines @@
     if (!isMixedContent(frame->document()->securityOrigin(), url))
         return false;
 
     MixedContentChecker::count(frame, resourceRequest.requestContext());
 
     Settings* settings = frame->settings();
     FrameLoaderClient* client = frame->loader().client();
     SecurityOrigin* securityOrigin = frame->document()->securityOrigin();
     bool allowed = false;
 
+    // If we're in strict mode, we'll automagically fail everything, and intentionally skip
+    // the client checks in order to prevent degrading the site's security UI.
+    bool strictMode = frame->document()->shouldEnforceStrictMixedContentChecking();
+
     ContextType contextType = contextTypeFromContext(resourceRequest.requestContext());
     if (contextType == ContextTypeBlockableUnlessLax)
         contextType = RuntimeEnabledFeatures::laxMixedContentCheckingEnabled() ? ContextTypeOptionallyBlockable : ContextTypeBlockable;
 
     // If we're loading the main resource of a subframe, we need to take a close look at the loaded URL.
     // If we're dealing with a CORS-enabled scheme, then block mixed frames as active content. Otherwise,
     // treat frames as passive content.
     //
     // FIXME: Remove this temporary hack once we have a reasonable API for launching external applications
     // via URLs. http://crbug.com/318788 and https://crbug.com/393481
     if (resourceRequest.frameType() == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol()))
         contextType = ContextTypeOptionallyBlockable;
 
     switch (contextType) {
     case ContextTypeOptionallyBlockable:
-        allowed = client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
+        allowed = !strictMode && client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), securityOrigin, url);
         if (allowed)
             client->didDisplayInsecureContent();
         break;
 
     case ContextTypeBlockable:
-        allowed = client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), securityOrigin, url);
+        allowed = !strictMode && client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), securityOrigin, url);
         if (allowed)
             client->didRunInsecureContent(securityOrigin, url);
         break;
 
     case ContextTypeShouldBeBlockable:
         return false;
 
     case ContextTypeBlockableUnlessLax:
         // We map this to either OptionallyBlockable or Blockable above.
         ASSERT_NOT_REACHED();
@@ skipping 136 matching lines @@
     if (Platform::current()->isReservedIPAddress(resourceIP) && !Platform::current()->isReservedIPAddress(documentIP))
         UseCounter::count(frame->document(), UseCounter::MixedContentPrivateHostnameInPublicHostname);
 }
 
 void MixedContentChecker::trace(Visitor* visitor)
 {
     visitor->trace(m_frame);
 }
 
 } // namespace blink