Downgrade lock icon for broken-HTTPS subresources
This CL attaches a boolean to resource responses to indicate if they
have certificate errors. If Blink sees a resource with a cert error, it
notifies the renderer via FrameLoaderClient, who then notifies the
browser, who treats the situation like mixed content.
The browser (//content) ignores subresources with cert errors on HTTP
pages, and subresources with the same cert errors as the main
resource. This allows embedders to distinguish a broken-HTTPS foo.com page
that loads a subresource from broken-HTTPS bar.com from a broken-HTTPS
foo.com page that loads a subresource from broken-HTTPS foo.com.
BUG=477868
Review URL: https://codereview.chromium.org/1415923015
Cr-Commit-Position: refs/heads/master@{#362246}
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 358754a..6fe002a2 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -642,6 +642,10 @@
OnDidDisplayInsecureContent)
IPC_MESSAGE_HANDLER(FrameHostMsg_DidRunInsecureContent,
OnDidRunInsecureContent)
+ IPC_MESSAGE_HANDLER(FrameHostMsg_DidDisplayContentWithCertificateErrors,
+ OnDidDisplayContentWithCertificateErrors)
+ IPC_MESSAGE_HANDLER(FrameHostMsg_DidRunContentWithCertificateErrors,
+ OnDidRunContentWithCertificateErrors)
IPC_MESSAGE_HANDLER(ViewHostMsg_GoToEntryAtOffset, OnGoToEntryAtOffset)
IPC_MESSAGE_HANDLER(ViewHostMsg_UpdateZoomLimits, OnUpdateZoomLimits)
IPC_MESSAGE_HANDLER(ViewHostMsg_PageScaleFactorChanged,
@@ -3173,12 +3177,12 @@
GetController().GetBrowserContext());
}
-void WebContentsImpl::OnDidRunInsecureContent(
- const std::string& security_origin, const GURL& target_url) {
+void WebContentsImpl::OnDidRunInsecureContent(const GURL& security_origin,
+ const GURL& target_url) {
LOG(WARNING) << security_origin << " ran insecure content from "
<< target_url.possibly_invalid_spec();
RecordAction(base::UserMetricsAction("SSL.RanInsecureContent"));
- if (base::EndsWith(security_origin, kDotGoogleDotCom,
+ if (base::EndsWith(security_origin.spec(), kDotGoogleDotCom,
base::CompareCase::INSENSITIVE_ASCII))
RecordAction(base::UserMetricsAction("SSL.RanInsecureContentGoogle"));
controller_.ssl_manager()->DidRunInsecureContent(security_origin);
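Review bot: `security_origin.spec()` in the `base::EndsWith` call will normally end in a path slash, because the spec of a standard URL carries at least `/` (and any non-default port). If `kDotGoogleDotCom` is the bare domain suffix its name suggests (its value is not visible in this hunk), `SSL.RanInsecureContentGoogle` will stop being recorded now that the parameter is a GURL. Comparing the host keeps what was presumably the old behaviour: `if (base::EndsWith(security_origin.host(), kDotGoogleDotCom, base::CompareCase::INSENSITIVE_ASCII))`. In addition, `spec()` DCHECKs on an invalid GURL and this value arrives in an IPC from the renderer, whereas the log line above already uses `possibly_invalid_spec()` for `target_url`.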
@@ -3186,6 +3190,39 @@
GetController().GetBrowserContext());
}
+void WebContentsImpl::OnDidDisplayContentWithCertificateErrors(
+ const GURL& url,
+ const std::string& security_info) {
+ SSLStatus ssl;
+ if (!DeserializeSecurityInfo(security_info, &ssl)) {
+ bad_message::ReceivedBadMessage(
+ GetRenderProcessHost(),
+ bad_message::WC_CONTENT_WITH_CERT_ERRORS_BAD_SECURITY_INFO);
+ return;
+ }
+
+ displayed_insecure_content_ = true;
+ SSLManager::NotifySSLInternalStateChanged(
+ GetController().GetBrowserContext());
+}
+
+void WebContentsImpl::OnDidRunContentWithCertificateErrors(
+ const GURL& security_origin,
+ const GURL& url,
+ const std::string& security_info) {
+ SSLStatus ssl;
+ if (!DeserializeSecurityInfo(security_info, &ssl)) {
+ bad_message::ReceivedBadMessage(
+ GetRenderProcessHost(),
+ bad_message::WC_CONTENT_WITH_CERT_ERRORS_BAD_SECURITY_INFO);
+ return;
+ }
+
+ controller_.ssl_manager()->DidRunInsecureContent(security_origin);
+ SSLManager::NotifySSLInternalStateChanged(
+ GetController().GetBrowserContext());
+}
+
void WebContentsImpl::OnDocumentLoadedInFrame() {
if (!HasValidFrameSource())
return;
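Review bot: Both new handlers validate `security_info` but then act on renderer-supplied values with no further check. `OnDidRunContentWithCertificateErrors` passes `security_origin` straight to `controller_.ssl_manager()->DidRunInsecureContent(security_origin)`, so a misbehaving renderer could presumably report an origin other than the one it hosts and have that origin recorded as having run insecure content. Consider comparing it with the sending frame's committed origin and calling `bad_message::ReceivedBadMessage` on a mismatch, as is already done when deserialization fails. Separately, `ssl` and `url` are unused once `DeserializeSecurityInfo` succeeds, so the filtering the commit description mentions (HTTP pages, same cert errors as the main resource) is not visible in this hunk. A comment such as `// Deserialized only to validate the renderer's message; filtering happens in <location>.` would make that explicit.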