diff options
author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-28 21:15:36 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-28 21:15:36 +0000 |
commit | 00cc740755b45f1d80ab46a73f6018149db79999 (patch) | |
tree | c661d937128049ed4b16711a56e40699215c960c | |
parent | 8e3e63f62e7e088b7276c3f3cde47be3f06565d6 (diff) | |
download | chromium_src-00cc740755b45f1d80ab46a73f6018149db79999.zip chromium_src-00cc740755b45f1d80ab46a73f6018149db79999.tar.gz chromium_src-00cc740755b45f1d80ab46a73f6018149db79999.tar.bz2 |
We need to return S_FALSE in our IHttpSecurity::OnSecurityProblem implementation for certificate errors
to be displayed in IE6. This is because on IE6 the default IBindStatusCallback implementation in MSHTML
implements the IWindowForBindingUI interface only thus resulting in the error dialog being displayed.
We emulate this by returning S_FALSE in OnSecurityProblem for IE6.
This should fix the IE6 issue reported in bug http://b/issue?id=2059540
Bug=2059540
Review URL: http://codereview.chromium.org/220041
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27408 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome_frame/urlmon_url_request.cc | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/chrome_frame/urlmon_url_request.cc b/chrome_frame/urlmon_url_request.cc index f51da418..a745774 100644 --- a/chrome_frame/urlmon_url_request.cc +++ b/chrome_frame/urlmon_url_request.cc @@ -10,6 +10,7 @@ #include "base/string_util.h" #include "base/logging.h" #include "chrome_frame/urlmon_upload_data_stream.h" +#include "ie_alt_tab/utils.h" #include "net/http/http_util.h" #include "net/http/http_response_headers.h" @@ -337,19 +338,19 @@ STDMETHODIMP UrlmonUrlRequest::OnResponse(DWORD dwResponseCode, std::string raw_headers = WideToUTF8(response_headers); // Security check for frame busting headers. We don't honor the headers - // as-such, but instead simply kill requests which we've been asked to - // look for. This puts the onus on the user of the UrlRequest to specify - // whether or not requests should be inspected. For ActiveDocuments, the - // answer is "no", since WebKit's detection/handling is sufficient and since - // ActiveDocuments cannot be hosted as iframes. For NPAPI and ActiveX - // documents, the Initialize() function of the PluginUrlRequest object - // allows them to specify how they'd like requests handled. Both should + // as-such, but instead simply kill requests which we've been asked to + // look for. This puts the onus on the user of the UrlRequest to specify + // whether or not requests should be inspected. For ActiveDocuments, the + // answer is "no", since WebKit's detection/handling is sufficient and since + // ActiveDocuments cannot be hosted as iframes. For NPAPI and ActiveX + // documents, the Initialize() function of the PluginUrlRequest object + // allows them to specify how they'd like requests handled. Both should // set enable_frame_busting_ to true to avoid CSRF attacks. - // Should WebKit's handling of this ever change, we will need to re-visit - // how and when frames are killed to better mirror a policy which may + // Should WebKit's handling of this ever change, we will need to re-visit + // how and when frames are killed to better mirror a policy which may // do something other than kill the sub-document outright. - // NOTE(slightlyoff): We don't use net::HttpResponseHeaders here because + // NOTE(slightlyoff): We don't use net::HttpResponseHeaders here because // of lingering ICU/base_noicu issues. if (frame_busting_enabled_ && net::HttpUtil::HasHeader(raw_headers, kXFrameOptionsHeader)) { @@ -453,6 +454,13 @@ STDMETHODIMP UrlmonUrlRequest::OnSecurityProblem(DWORD problem) { // causes Urlmon to display a dialog box on the same lines as IE6. DLOG(INFO) << __FUNCTION__ << " Security problem : " << problem; + // On IE6 the default IBindStatusCallback interface does not implement the + // IHttpSecurity interface and thus causes IE to put up a certificate error + // dialog box. We need to emulate this behavior for sites with mismatched + // certificates to work. + if (GetIEVersion() == IE_6) + return S_FALSE; + HRESULT hr = E_ABORT; switch (problem) { @@ -722,8 +730,8 @@ net::Error UrlmonUrlRequest::HresultToNetError(HRESULT hr) { break; case INET_E_RESOURCE_NOT_FOUND: - // To behave more closely to the chrome network stack, we translate this
- // error value as tunnel connection failed. This error value is tested
+ // To behave more closely to the chrome network stack, we translate this + // error value as tunnel connection failed. This error value is tested // in the ProxyTunnelRedirectTest and UnexpectedServerAuthTest tests. ret = net::ERR_TUNNEL_CONNECTION_FAILED; break; |