Mixed Content: Add a static check for WebSockets.

Mixed Content: Add a static check for WebSockets.

This patch migrates the WebSocket check to a static method, which enables
us to get rid of `canRunInsecureContent`. There should be no behavioral
change for insecure WebSockets, other than a change to the console message
which aligns it with the message for other resource types.

As a side-effect of reorganizing the frame checks, we also fixed a small
bug that output console messages for both the top frame _and_ the child
frame when mixed content was detected. Now we output a message for the
document in which the content is loaded, even if the top-level document
caused the secure context.

BUG=411184
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=188054

[Mike West, 2015-01-08 08:47:03]

mkwst@chromium.org changed reviewers:
+ jochen@chromium.org

[Mike West, 2015-01-08 08:47:04]

WDYT, Jochen?

The deleted test results were testharness tests; they shouldn't have had
expectation files to begin with, and now presubmit is enforcing that.

[jochen (gone - plz use gerrit), 2015-01-08 13:09:20]

https://codereview.chromium.org/842783002/diff/40001/LayoutTests/http/tests/s...
File
LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt
(right):

https://codereview.chromium.org/842783002/diff/40001/LayoutTests/http/tests/s...
LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt:1:
CONSOLE ERROR: line 1: Mixed Content: The page at 'data:text/html,<html><iframe
src='http://127.0.0.1:8080/security/mixedContent/resources/boring.html'></iframe></html>'
was loaded over HTTPS, but requested an insecure resource
'http://127.0.0.1:8080/security/mixedContent/resources/boring.html'. This
request has been blocked; the content must be served over HTTPS.
that looks kinda odd - "The page at 'data:...' was loaded over HTTPS," maybe
some better wording would help to clarify this? Something like "The page at ''
is a secure context, but requested..." or something?

[Mike West, 2015-01-08 14:36:30]

On 2015/01/08 13:09:20, jochen (slow) wrote:
>
https://codereview.chromium.org/842783002/diff/40001/LayoutTests/http/tests/s...
> File
>
LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt
> (right):
> 
>
https://codereview.chromium.org/842783002/diff/40001/LayoutTests/http/tests/s...
>
LayoutTests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt:1:
> CONSOLE ERROR: line 1: Mixed Content: The page at
'data:text/html,<html><iframe
>
src='http://127.0.0.1:8080/security/mixedContent/resources/boring.html'></iframe></html>'
> was loaded over HTTPS, but requested an insecure resource
> 'http://127.0.0.1:8080/security/mixedContent/resources/boring.html'. This
> request has been blocked; the content must be served over HTTPS.
> that looks kinda odd - "The page at 'data:...' was loaded over HTTPS," maybe
> some better wording would help to clarify this? Something like "The page at ''
> is a secure context, but requested..." or something?

Totally agree. I didn't want to change that in this CL, as it would rebaseline
all the mixed content tests, but I do want to change that. You'll note that the
form CL you looked at a few minutes ago uses wording more or less along the
lines of what you're suggesting here: "... was loaded 
   over a secure connection ...".

[jochen (gone - plz use gerrit), 2015-01-08 14:37:48]

ok, lgtm

[Mike West, 2015-01-08 15:00:12]

The CQ bit was checked by mkwst@chromium.org

[commit-bot: I haz the power, 2015-01-08 15:01:25]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/842783002/40001

[commit-bot: I haz the power, 2015-01-08 15:56:51]

Committed patchset #3 (id:40001) as
https://src.chromium.org/viewvc/blink?view=rev&revision=188054