chrome/browser/ssl/chrome_ssl_host_state_delegate.cc - Issue 887223005: Skip interstitials and don't block requests for localhost SSL errors

Side by Side Diff: chrome/browser/ssl/chrome_ssl_host_state_delegate.cc

Issue 887223005: Skip interstitials and don't block requests for localhost SSL errors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: fixes from previous round of feedback Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/about_flags.cc ('k') | chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc » ('j') | chrome/browser/ssl/chrome_ssl_host_state_delegate_test.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"	5 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h"

6	6

7 #include <set>	7 #include <set>

8	8

9 #include "base/base64.h"	9 #include "base/base64.h"

10 #include "base/bind.h"	10 #include "base/bind.h"

11 #include "base/command_line.h"	11 #include "base/command_line.h"

12 #include "base/guid.h"	12 #include "base/guid.h"

13 #include "base/logging.h"	13 #include "base/logging.h"

14 #include "base/metrics/field_trial.h"	14 #include "base/metrics/field_trial.h"

15 #include "base/strings/string_number_conversions.h"	15 #include "base/strings/string_number_conversions.h"

16 #include "base/time/clock.h"	16 #include "base/time/clock.h"

17 #include "base/time/default_clock.h"	17 #include "base/time/default_clock.h"

18 #include "base/time/time.h"	18 #include "base/time/time.h"

19 #include "base/values.h"	19 #include "base/values.h"

20 #include "chrome/browser/profiles/profile.h"	20 #include "chrome/browser/profiles/profile.h"

21 #include "chrome/common/chrome_switches.h"	21 #include "chrome/common/chrome_switches.h"

22 #include "components/content_settings/core/browser/host_content_settings_map.h"	22 #include "components/content_settings/core/browser/host_content_settings_map.h"

23 #include "components/content_settings/core/common/content_settings_types.h"	23 #include "components/content_settings/core/common/content_settings_types.h"

24 #include "components/variations/variations_associated_data.h"	24 #include "components/variations/variations_associated_data.h"

	25 #include "content/public/common/content_switches.h"

25 #include "net/base/hash_value.h"	26 #include "net/base/hash_value.h"

	27 #include "net/base/net_util.h"

26 #include "net/cert/x509_certificate.h"	28 #include "net/cert/x509_certificate.h"

27 #include "net/http/http_transaction_factory.h"	29 #include "net/http/http_transaction_factory.h"

28 #include "net/url_request/url_request_context.h"	30 #include "net/url_request/url_request_context.h"

29 #include "net/url_request/url_request_context_getter.h"	31 #include "net/url_request/url_request_context_getter.h"

30 #include "url/gurl.h"	32 #include "url/gurl.h"

31	33

32 namespace {	34 namespace {

33	35

34 // Switch value that specifies that certificate decisions should be forgotten at	36 // Switch value that specifies that certificate decisions should be forgotten at

35 // the end of the current session.	37 // the end of the current session.

(...skipping 284 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
320 content::SSLHostStateDelegate::CertJudgment	322 content::SSLHostStateDelegate::CertJudgment

321 ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host,	323 ChromeSSLHostStateDelegate::QueryPolicy(const std::string& host,

322 const net::X509Certificate& cert,	324 const net::X509Certificate& cert,

323 net::CertStatus error,	325 net::CertStatus error,

324 bool* expired_previous_decision) {	326 bool* expired_previous_decision) {

325 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();	327 HostContentSettingsMap* map = profile_->GetHostContentSettingsMap();

326 GURL url = GetSecureGURLForHost(host);	328 GURL url = GetSecureGURLForHost(host);

327 scoped_ptr<base::Value> value(map->GetWebsiteSetting(	329 scoped_ptr<base::Value> value(map->GetWebsiteSetting(

328 url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));	330 url, url, CONTENT_SETTINGS_TYPE_SSL_CERT_DECISIONS, std::string(), NULL));

329	331

	332 // If the appropriate flag is set, let requests on localhost go

	333 // through even if there are certificate errors. Errors on localhost

	334 // are unlikely to indicate actual security problems.

	335 bool allow_localhost = base::CommandLine::ForCurrentProcess()->
	jww 2015/02/09 19:29:38 The "expired_previous_decision = false;" line sho The "expired_previous_decision = false;" line should go before this code, otherwise the caller will have a mystery return value. estark 2015/02/09 20:48:40 Done. Show quoted text On 2015/02/09 19:29:38, jww wrote: > The "*expired_previous_decision = false;" line should go before this code, > otherwise the caller will have a mystery return value. Done.
	336 HasSwitch(switches::kAllowInsecureLocalhost);

	337 if (allow_localhost && net::IsLocalhost(url.host())) {

	338 return ALLOWED;

	339 }
	Ryan Sleevi 2015/02/09 19:31:34 Note: Consistent with the style in the rest of thi Note: Consistent with the style in the rest of this file, you would omit the {} for the single-line if. ( http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Conditionals lists them as optional, so defer to local code patterns) estark 2015/02/09 20:48:40 Done. Show quoted text On 2015/02/09 19:31:34, Ryan Sleevi wrote: > Note: Consistent with the style in the rest of this file, you would omit the {} > for the single-line if. > > ( http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Conditionals > lists them as optional, so defer to local code patterns) Done.
	340

330 // Set a default value in case this method is short circuited and doesn't do a	341 // Set a default value in case this method is short circuited and doesn't do a

331 // full query.	342 // full query.

332 *expired_previous_decision = false;	343 *expired_previous_decision = false;

333 if (!value.get() \|\| !value->IsType(base::Value::TYPE_DICTIONARY))	344 if (!value.get() \|\| !value->IsType(base::Value::TYPE_DICTIONARY))

334 return DENIED;	345 return DENIED;

335	346

336 base::DictionaryValue* dict; // Owned by value	347 base::DictionaryValue* dict; // Owned by value

337 int policy_decision;	348 int policy_decision;

338 bool success = value->GetAsDictionary(&dict);	349 bool success = value->GetAsDictionary(&dict);

339 DCHECK(success);	350 DCHECK(success);

(...skipping 91 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
431 }	442 }

432	443

433 bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(	444 bool ChromeSSLHostStateDelegate::DidHostRunInsecureContent(

434 const std::string& host,	445 const std::string& host,

435 int pid) const {	446 int pid) const {

436 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));	447 return !!ran_insecure_content_hosts_.count(BrokenHostEntry(host, pid));

437 }	448 }

438 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) {	449 void ChromeSSLHostStateDelegate::SetClock(scoped_ptr<base::Clock> clock) {

439 clock_.reset(clock.release());	450 clock_.reset(clock.release());

440 }	451 }

OLD	NEW