Skip interstitials and don't block requests for localhost SSL errors

content/renderer/render_frame_impl.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_frame_impl.h"
 
 #include <map>
 #include <string>
 
 #include "base/auto_reset.h"
@@ skipping 88 matching lines @@
 #include "gin/modules/module_registry.h"
 #include "media/base/audio_renderer_mixer_input.h"
 #include "media/base/media_log.h"
 #include "media/blink/webcontentdecryptionmodule_impl.h"
 #include "media/blink/webencryptedmediaclient_impl.h"
 #include "media/blink/webmediaplayer_impl.h"
 #include "media/blink/webmediaplayer_params.h"
 #include "media/filters/gpu_video_accelerator_factories.h"
 #include "net/base/data_url.h"
 #include "net/base/net_errors.h"
+#include "net/base/net_util.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
+#include "net/cert/cert_status_flags.h"
 #include "net/http/http_util.h"
 #include "third_party/WebKit/public/platform/WebStorageQuotaCallbacks.h"
 #include "third_party/WebKit/public/platform/WebString.h"
 #include "third_party/WebKit/public/platform/WebURL.h"
 #include "third_party/WebKit/public/platform/WebURLError.h"
 #include "third_party/WebKit/public/platform/WebURLResponse.h"
 #include "third_party/WebKit/public/platform/WebVector.h"
 #include "third_party/WebKit/public/web/WebColorSuggestion.h"
+#include "third_party/WebKit/public/web/WebConsoleMessage.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrameWidget.h"
 #include "third_party/WebKit/public/web/WebGlyphCache.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
 #include "third_party/WebKit/public/web/WebMediaStreamRegistry.h"
 #include "third_party/WebKit/public/web/WebNavigationPolicy.h"
 #include "third_party/WebKit/public/web/WebPlugin.h"
 #include "third_party/WebKit/public/web/WebPluginParams.h"
 #include "third_party/WebKit/public/web/WebPluginPlaceholder.h"
 #include "third_party/WebKit/public/web/WebRange.h"
@@ skipping 2601 matching lines @@
       TRACE_EVENT_INSTANT0("WebCore", "LoadFinished",
                            TRACE_EVENT_SCOPE_PROCESS);
     }
     document_state->set_finish_load_time(Time::Now());
   }
 
   FOR_EACH_OBSERVER(RenderViewObserver, render_view_->observers(),
                     DidFinishLoad(frame));
   FOR_EACH_OBSERVER(RenderFrameObserver, observers_, DidFinishLoad());
 
+  // If the navigation is to a localhost URL (and the flag is set to
+  // allow localhost SSL misconfigurations), print a warning to the
+  // console telling the developer to check their SSL configuration
+  // before going to production.

[davidben, 2015/02/11 04:13:14]

This only pays attention to the navigation request and not subresources, right?
(Since it's just looking at ds->request().url().) It might be better to key this
on the commit point (where we switch documents), so didCommitProvisionalLoad.
didFinishLoad is when the load event fires which depends on subresources and
recursively on the load events of any child frames.

I'd also suggest putting the logic in //chrome in a
RenderFrameObserver::DidCommitProvisionalLoad rather than //content. The logic
to let the certificate error through happens in //chrome, so it makes sense to
put the corresponding warning there too. (ChromeRenderFrameObserver? Probably no
need to attach a whole new one for a one-off thing like this.)

[estark, 2015/02/11 18:54:42]

Done -- mostly. DidCommitProvisionalLoad doesn't seem to work so well because
the console gets cleared after that, so you only see the message if you have
"Preserve log" checked. So I put it in DidFinishDocumentLoad, which seems to not
have to wait for all subresources at least. What do you think?

[davidben, 2015/02/11 19:41:35]

Huh. I guess some things are ordered funny. I wonder if we have other places
where console messages key on the document's response info (some header or text
encoding maybe), maybe within Blink itself, and when those trigger.

*shrug* This seems fine too.

+  bool allow_localhost = base::CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kAllowInsecureLocalhost);
+
+  if (allow_localhost) {
+    SSLStatus ssl_status = render_view_->GetSSLStatusOfFrame(frame_);
+    bool is_cert_error = net::IsCertStatusError(ssl_status.cert_status) &&
+                         !net::IsCertStatusMinorError(ssl_status.cert_status);
+    bool is_localhost = net::IsLocalhost(GURL(ds->request().url()).host());
+
+    if (is_cert_error && is_localhost) {
+      frame_->addMessageToConsole(blink::WebConsoleMessage(
+          blink::WebConsoleMessage::LevelWarning,
+          base::ASCIIToUTF16(
+              "This site does not have a valid SSL "
+              "certificate! Without SSL, your site's and "
+              "visitors' data is vulnerable to theft and "
+              "tampering. Get a valid SSL certificate before"
+              " releasing your website to the public.")));
+    }
+  }
+
   // Don't send this message while the frame is swapped out.
   if (is_swapped_out())
     return;
 
   Send(new FrameHostMsg_DidFinishLoad(routing_id_,
                                       ds->request().url()));
 }
 
 void RenderFrameImpl::didNavigateWithinPage(blink::WebLocalFrame* frame,
     const blink::WebHistoryItem& item,
@@ skipping 1725 matching lines @@
 
 #if defined(ENABLE_BROWSER_CDMS)
 RendererCdmManager* RenderFrameImpl::GetCdmManager() {
   if (!cdm_manager_)
     cdm_manager_ = new RendererCdmManager(this);
   return cdm_manager_;
 }
 #endif  // defined(ENABLE_BROWSER_CDMS)
 
 }  // namespace content