Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(85)

Issue 842783002: Mixed Content: Add a static check for WebSockets. (Closed)

Created:
5 years, 11 months ago by Mike West
Modified:
5 years, 11 months ago
CC:
blink-reviews, gavinp+loader_chromium.org, Nate Chapin, tyoshino+watch_chromium.org, yhirano+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@lax
Target Ref:
refs/heads/master
Project:
blink
Visibility:
Public.

Description

Mixed Content: Add a static check for WebSockets. This patch migrates the WebSocket check to a static method, which enables us to get rid of `canRunInsecureContent`. There should be no behavioral change for insecure WebSockets, other than a change to the console message which aligns it with the message for other resource types. As a side-effect of reorganizing the frame checks, we also fixed a small bug that output console messages for both the top frame _and_ the child frame when mixed content was detected. Now we output a message for the document in which the content is loaded, even if the top-level document caused the secure context. BUG=411184 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=188054

Patch Set 1 #

Patch Set 2 : Oops. #

Patch Set 3 : Rebase. #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+75 lines, -105 lines) Patch
M LayoutTests/http/tests/security/mixedContent/insecure-css-image-with-reload-expected.txt View 1 chunk +0 lines, -2 lines 0 comments Download
M LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt View 1 chunk +1 line, -1 line 1 comment Download
M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
M LayoutTests/http/tests/security/mixedContent/strict-mode-image-in-frame-blocked.https-expected.txt View 1 chunk +1 line, -1 line 0 comments Download
D LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-sandbox-in-secure-page-expected.txt View 1 chunk +0 lines, -6 lines 0 comments Download
D LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-allowed-expected.txt View 1 chunk +0 lines, -7 lines 0 comments Download
D LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-expected.txt View 1 chunk +0 lines, -6 lines 0 comments Download
D LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-worker-allowed-expected.txt View 1 chunk +0 lines, -7 lines 0 comments Download
D LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-secure-page-worker-expected.txt View 1 chunk +0 lines, -6 lines 0 comments Download
M Source/core/frame/UseCounter.h View 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/loader/MixedContentChecker.h View 1 4 chunks +4 lines, -2 lines 0 comments Download
M Source/core/loader/MixedContentChecker.cpp View 1 2 3 chunks +66 lines, -65 lines 0 comments Download
M Source/modules/websockets/DocumentWebSocketChannel.cpp View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 8 (2 generated)
Mike West
WDYT, Jochen? The deleted test results were testharness tests; they shouldn't have had expectation files ...
5 years, 11 months ago (2015-01-08 08:47:04 UTC) #2
jochen (gone - plz use gerrit)
https://codereview.chromium.org/842783002/diff/40001/LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt File LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt (right): https://codereview.chromium.org/842783002/diff/40001/LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt#newcode1 LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt:1: CONSOLE ERROR: line 1: Mixed Content: The page at ...
5 years, 11 months ago (2015-01-08 13:09:20 UTC) #3
Mike West
On 2015/01/08 13:09:20, jochen (slow) wrote: > https://codereview.chromium.org/842783002/diff/40001/LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt > File > LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt > (right): > ...
5 years, 11 months ago (2015-01-08 14:36:30 UTC) #4
jochen (gone - plz use gerrit)
ok, lgtm
5 years, 11 months ago (2015-01-08 14:37:48 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/842783002/40001
5 years, 11 months ago (2015-01-08 15:01:25 UTC) #7
commit-bot: I haz the power
5 years, 11 months ago (2015-01-08 15:56:51 UTC) #8
Message was sent while issue was closed.
Committed patchset #3 (id:40001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=188054

Powered by Google App Engine
This is Rietveld 408576698