chrome/browser/ssl/chrome_ssl_host_state_delegate.cc - Issue 887223005: Skip interstitials and don't block requests for localhost SSL errors

Side by Side Diff: chrome/browser/ssl/chrome_ssl_host_state_delegate.cc

Issue 887223005: Skip interstitials and don't block requests for localhost SSL errors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Added warning in console on localhost SSL errors Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/about_flags.cc ('k') | chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc » ('j') | chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"	5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"

6	6

7 #include <set>	7 #include <set>

8	8

9 #include "base/base64.h"	9 #include "base/base64.h"

10 #include "base/bind.h"	10 #include "base/bind.h"

(...skipping 309 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
320 content::SSLHostStateDelegate::CertJudgment	320 content::SSLHostStateDelegate::CertJudgment

321 ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host,	321 ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host,

322 const net::X509Certificate& cert,	322 const net::X509Certificate& cert,

323 net::CertStatus error,	323 net::CertStatus error,

324 bool* expired_previous_decision) {	324 bool* expired_previous_decision) {

325 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();	325 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();

326 GURL url = GetSecureGURLForHost(host);	326 GURL url = GetSecureGURLForHost(host);

327 scoped_ptr<base::Value> value(map->GetWebsiteSetting(	327 scoped_ptr<base::Value> value(map->GetWebsiteSetting(

328 url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));	328 url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));

329	329

	330 // If the appropriate flag is set, let requests on localhost go

	331 // through even if there are certificate errors. Errors on localhost

	332 // are unlikely to indicate actual security problems.

	333 bool allowLocalhost = base::CommandLine::ForCurrentProcess()->
	Ryan Sleevi 2015/02/04 19:34:41 nit: naming wise, this should be allow_localhost ( nit: naming wise, this should be allow_localhost (see the naming rules for http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Variable_Names ) This differs from our JS naming rules (which this would be correct in - see https://google-styleguide.googlecode.com/svn/trunk/javascriptguide.xml#Naming ) estark 2015/02/05 03:02:38 Done. Show quoted text On 2015/02/04 19:34:41, Ryan Sleevi wrote: > nit: naming wise, this should be allow_localhost (see the naming rules for > http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Variable_Names ) > > This differs from our JS naming rules (which this would be correct in - see > https://google-styleguide.googlecode.com/svn/trunk/javascriptguide.xml#Naming ) Done.
	334 HasSwitch(switches::kAllowInsecureLocalhost);

	335 if (allowLocalhost && url.DomainIs("localhost")) {
	felt 2015/02/04 08:06:54 will it always be normalized to "localhost"? what will it always be normalized to "localhost"? what about 127.0.0.1? are there other addresses in the RFC that should count too? estark 2015/02/05 03:02:38 Done -- changed to use net::IsLocalhost, which is Show quoted text On 2015/02/04 08:06:54, felt wrote: > will it always be normalized to "localhost"? what about 127.0.0.1? are there > other addresses in the RFC that should count too? Done -- changed to use net::IsLocalhost, which is "localhost" and 127.0.0.0/8, and maybe .localhost sometime in the future.
	336 return ALLOWED;

	337 }

	338

330 // Set a default value in case this method is short circuited and doesn't do a	339 // Set a default value in case this method is short circuited and doesn't do a

331 // full query.	340 // full query.

332 *expired_previous_decision = false;	341 *expired_previous_decision = false;

333 if (!value.get() \|\| !value->IsType(base::Value::TYPE_DICTIONARY))	342 if (!value.get() \|\| !value->IsType(base::Value::TYPE_DICTIONARY))

334 return DENIED;	343 return DENIED;

335	344

336 base::DictionaryValue* dict; // Owned by value	345 base::DictionaryValue* dict; // Owned by value

337 int policy_decision;	346 int policy_decision;

338 bool success = value->GetAsDictionary(&dict);	347 bool success = value->GetAsDictionary(&dict);

339 DCHECK(success);	348 DCHECK(success);

(...skipping 91 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
431 }	440 }

432	441

433 bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(	442 bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(

434 const std::string& host,	443 const std::string& host,

435 int pid) const {	444 int pid) const {

436 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));	445 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));

437 }	446 }

438 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) {	447 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) {

439 clock_.reset(clock.release());	448 clock_.reset(clock.release());

440 }	449 }

OLD	NEW