Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1980)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/renderer/render_frame_impl.cc

Issue 887223005: Skip interstitials and don't block requests for localhost SSL errors (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fixes from previous round of feedback Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ssl/ssl_browser_tests.cc ('K') | « content/public/common/content_switches.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/renderer/render_frame_impl.cc
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
index 876e8aef4049d58953e934bbce0bb9cfccad4cae..ef4438709a5aceddab702e2b13f5b1663f07e00a 100644
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -106,7 +106,9 @@
#include "media/filters/gpu_video_accelerator_factories.h"
#include "net/base/data_url.h"
#include "net/base/net_errors.h"
+#include "net/base/net_util.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
+#include "net/cert/cert_status_flags.h"
#include "net/http/http_util.h"
#include "third_party/WebKit/public/platform/WebStorageQuotaCallbacks.h"
#include "third_party/WebKit/public/platform/WebString.h"
@@ -115,6 +117,7 @@
#include "third_party/WebKit/public/platform/WebURLResponse.h"
#include "third_party/WebKit/public/platform/WebVector.h"
#include "third_party/WebKit/public/web/WebColorSuggestion.h"
+#include "third_party/WebKit/public/web/WebConsoleMessage.h"
#include "third_party/WebKit/public/web/WebDocument.h"
#include "third_party/WebKit/public/web/WebFrameWidget.h"
#include "third_party/WebKit/public/web/WebGlyphCache.h"
@@ -2742,6 +2745,31 @@ void RenderFrameImpl::didFinishLoad(blink::WebLocalFrame* frame) {
DidFinishLoad(frame));
FOR_EACH_OBSERVER(RenderFrameObserver, observers_, DidFinishLoad());
+ // If the navigation is to a localhost URL (and the flag is set to
+ // allow localhost SSL misconfigurations), print a warning to the
+ // console telling the developer to check their SSL configuration
+ // before going to production.
+ bool allow_localhost =
+ base::CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kAllowInsecureLocalhost);
+
+ if (allow_localhost) {
+ SSLStatus ssl_status = render_view_->GetSSLStatusOfFrame(frame_);
+ bool is_cert_error = net::IsCertStatusError(ssl_status.cert_status);
Ryan Sleevi 2015/02/09 19:31:34 Note: We only block for IsCertStatusError && !IsCe
estark 2015/02/09 20:48:40 Done.
+ bool is_localhost = net::IsLocalhost(GURL(ds->request().url()).host());
+
+ if (is_cert_error && is_localhost) {
+ frame_->addMessageToConsole(
+ blink::WebConsoleMessage(
+ blink::WebConsoleMessage::LevelWarning,
+ base::ASCIIToUTF16("This site does not have a valid SSL "
+ "certificate! Without SSL, your site's and "
+ "visitors' data is vulnerable to theft and "
+ "tampering. Get a valid SSL certificate before"
+ " releasing your website to the public.")));
+ }
+ }
+
// Don't send this message while the frame is swapped out.
if (is_swapped_out())
return;
« chrome/browser/ssl/ssl_browser_tests.cc ('K') | « content/public/common/content_switches.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698