commit d9d979428e6e9301e3044b875de92af4fa96344a
author carlosk <carlosk@chromium.org> Thu Feb 16 08:58:09 2017
committer Commit bot <commit-bot@chromium.org> Thu Feb 16 08:58:09 2017
tree 56aa85c0ede5af9483f6f5cfd4f8733b0b9d84ef
parent 0c2fcf56d2df0bb7b31ccb1509662255b5852451

PlzNavigate: Move navigation-level mixed content checks to the browser.

This is a step towards moving to the browser some navigation security checks
currently made in the renderer. This is needed for PlzNavigate to function
properly, avoid extra delays caused by unnecessary IPC exchanges and might pave
the way for similar changes needed by OOPIF.

This change only affects PlzNavigate; the current implementation is unaffected.
In that context, note that this is only a partial move of the checks currently
performed by MixedContentChecker: only frame navigation resource loads will be
intercepted by the browser, by the newly created MixedContentNavigationThrottle.

And for this implementation to work correctly with HSTS it requires an
implementation of the latter as a navigation throttle. This is now a requirement
for PlzNavigate to be launched as otherwise HSTS checks would be broken.

BUG=576270
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/1905033002
Cr-Commit-Position: refs/heads/master@{#450904}

content/browser/web_contents/web_contents_impl.cc

diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 6fcb922d..1b28eb4 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -3519,6 +3519,10 @@
 void WebContentsImpl::OnDidDisplayInsecureContent(RenderFrameHostImpl* source) {
   // Any frame can trigger display of insecure content, so we don't check
   // |source| here.
+  DidDisplayInsecureContent();
+}
+
+void WebContentsImpl::DidDisplayInsecureContent() {
   controller_.ssl_manager()->DidDisplayMixedContent();
 }
 
@@ -3528,6 +3532,11 @@
   // TODO(nick, estark): Should we call FilterURL using |source|'s process on
   // these parameters? |target_url| seems unused, except for a log message. And
   // |security_origin| might be replaceable with the origin of the main frame.
+  DidRunInsecureContent(security_origin, target_url);
+}
+
+void WebContentsImpl::DidRunInsecureContent(const GURL& security_origin,
+                                            const GURL& target_url) {
   LOG(WARNING) << security_origin << " ran insecure content from "
                << target_url.possibly_invalid_spec();
   RecordAction(base::UserMetricsAction("SSL.RanInsecureContent"));
@@ -3537,6 +3546,19 @@
   controller_.ssl_manager()->DidRunMixedContent(security_origin);
 }
 
+void WebContentsImpl::PassiveInsecureContentFound(const GURL& resource_url) {
+  GetDelegate()->PassiveInsecureContentFound(resource_url);
+}
+
+bool WebContentsImpl::ShouldAllowRunningInsecureContent(
+    WebContents* web_contents,
+    bool allowed_per_prefs,
+    const url::Origin& origin,
+    const GURL& resource_url) {
+  return GetDelegate()->ShouldAllowRunningInsecureContent(
+      web_contents, allowed_per_prefs, origin, resource_url);
+}
+
 void WebContentsImpl::OnDidDisplayContentWithCertificateErrors(
     RenderFrameHostImpl* source,
     const GURL& url) {