Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1140)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/render_frame_impl.cc

Issue 887223005: Skip interstitials and don't block requests for localhost SSL errors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Added warning in console on localhost SSL errors Created 5 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ssl/ssl_browser_tests.cc ('K') | « chrome/test/data/ssl/write_to_title.js ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/render_frame_impl.cc
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
index 876e8aef4049d58953e934bbce0bb9cfccad4cae..1c8a3a9c38286d8cb6031706722302dbc4a367f5 100644
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -107,6 +107,7 @@
#include "net/base/data_url.h"
#include "net/base/net_errors.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
+#include "net/cert/cert_status_flags.h"
#include "net/http/http_util.h"
#include "third_party/WebKit/public/platform/WebStorageQuotaCallbacks.h"
#include "third_party/WebKit/public/platform/WebString.h"
@@ -115,6 +116,7 @@
#include "third_party/WebKit/public/platform/WebURLResponse.h"
#include "third_party/WebKit/public/platform/WebVector.h"
#include "third_party/WebKit/public/web/WebColorSuggestion.h"
+#include "third_party/WebKit/public/web/WebConsoleMessage.h"
#include "third_party/WebKit/public/web/WebDocument.h"
#include "third_party/WebKit/public/web/WebFrameWidget.h"
#include "third_party/WebKit/public/web/WebGlyphCache.h"
@@ -2742,6 +2744,25 @@ void RenderFrameImpl::didFinishLoad(blink::WebLocalFrame* frame) {
DidFinishLoad(frame));
FOR_EACH_OBSERVER(RenderFrameObserver, observers_, DidFinishLoad());
+ // If the navigation is to a localhost URL, print a warning to the
+ // console telling the developer to check their SSL configuration
+ // before going to production.
+ //
+ // TODO(estark): do we want to print this only if the
+ // kAllowInsecureLocalhost flag is set?
Ryan Sleevi 2015/02/04 19:34:42 That's my gut feeling too. Note, our use of TODO
estark 2015/02/05 03:02:38 Done.
+ SSLStatus ssl_status = render_view_->GetSSLStatusOfFrame(frame_);
+ if (net::IsCertStatusError(ssl_status.cert_status) &&
+ GURL(ds->request().url()).DomainIs("localhost")) {
+ frame_->addMessageToConsole(
+ blink::WebConsoleMessage(
+ blink::WebConsoleMessage::LevelWarning,
+ base::ASCIIToUTF16("This site does not have a valid SSL "
+ "certificate! Without SSL, your site's and "
+ "visitors' data is vulnerable to theft and "
+ "tampering. Get a valid SSL certificate before "
+ "releasing your website to the public.")));
+ }
+
// Don't send this message while the frame is swapped out.
if (is_swapped_out())
return;
« chrome/browser/ssl/ssl_browser_tests.cc ('K') | « chrome/test/data/ssl/write_to_title.js ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698