diff options
| author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-05-20 04:30:23 +0000 |
|---|---|---|
| committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-05-20 04:30:23 +0000 |
| commit | a9cea754e016601a59cb07be2946559a9ad21738 (patch) | |
| tree | d4c5baf30736f27de914f5091fde20707d1c9e87 /chrome/browser/ssl | |
| parent | a65d1b09eb7adb31e9ac975962c19cdc15c44d97 (diff) | |
| download | chromium_src-a9cea754e016601a59cb07be2946559a9ad21738.zip chromium_src-a9cea754e016601a59cb07be2946559a9ad21738.tar.gz chromium_src-a9cea754e016601a59cb07be2946559a9ad21738.tar.bz2 | |
More progress on ForceHTTPS.
Instead of turning on strict HTTPS error processing for every site, we now track which sites have opted in. Our implementation is still experimental and hidden behing the command line switch --force-https.
R=darin
TEST=No tests yet because this is just an experiment.
Review URL: http://codereview.chromium.org/113503
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@16464 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ssl')
| -rw-r--r-- | chrome/browser/ssl/ssl_policy.cc | 14 | ||||
| -rw-r--r-- | chrome/browser/ssl/ssl_policy_backend.cc | 8 | ||||
| -rw-r--r-- | chrome/browser/ssl/ssl_policy_backend.h | 10 |
3 files changed, 27 insertions, 5 deletions
diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc index 7004da7..3bf64e5 100644 --- a/chrome/browser/ssl/ssl_policy.cc +++ b/chrome/browser/ssl/ssl_policy.cc @@ -6,6 +6,8 @@ #include "app/l10n_util.h" #include "app/resource_bundle.h" +#include "base/base_switches.h" +#include "base/command_line.h" #include "base/singleton.h" #include "base/string_piece.h" #include "base/string_util.h" @@ -117,11 +119,15 @@ void SSLPolicy::OnMixedContent(SSLMixedContentHandler* handler) { // If the user has added an exception, doctor the |filter_policy|. std::string host = GURL(handler->main_frame_origin()).host(); - if (backend_->DidAllowMixedContentForHost(host) || - backend_->DidMarkHostAsBroken(host, handler->pid())) + if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kForceHTTPS) && + backend_->IsForceTLSEnabledForHost(host)) { + // We're supposed to block all mixed content for this host. + filter_policy = FilterPolicy::FILTER_ALL; + } else if (backend_->DidAllowMixedContentForHost(host) || + backend_->DidMarkHostAsBroken(host, handler->pid())) { + // Let the mixed content through. filter_policy = FilterPolicy::DONT_FILTER; - - if (filter_policy != FilterPolicy::DONT_FILTER) { + } else if (filter_policy != FilterPolicy::DONT_FILTER) { backend_->ShowMessageWithLink( l10n_util::GetString(IDS_SSL_INFO_BAR_FILTERED_CONTENT), l10n_util::GetString(IDS_SSL_INFO_BAR_SHOW_CONTENT), diff --git a/chrome/browser/ssl/ssl_policy_backend.cc b/chrome/browser/ssl/ssl_policy_backend.cc index 9b1eed8..8852190 100644 --- a/chrome/browser/ssl/ssl_policy_backend.cc +++ b/chrome/browser/ssl/ssl_policy_backend.cc @@ -13,6 +13,7 @@ #include "chrome/common/notification_service.h" #include "grit/generated_resources.h" #include "grit/theme_resources.h" +#include "net/base/force_tls_state.h" using WebKit::WebConsoleMessage; @@ -67,7 +68,8 @@ class SSLInfoBarDelegate : public ConfirmInfoBarDelegate { SSLPolicyBackend::SSLPolicyBackend(NavigationController* controller) : controller_(controller), - ssl_host_state_(controller->profile()->GetSSLHostState()) { + ssl_host_state_(controller->profile()->GetSSLHostState()), + force_tls_state_(controller->profile()->GetForceTLSState()) { DCHECK(controller_); } @@ -159,6 +161,10 @@ bool SSLPolicyBackend::DidAllowMixedContentForHost( return ssl_host_state_->DidAllowMixedContentForHost(host); } +bool SSLPolicyBackend::IsForceTLSEnabledForHost(const std::string& host) const { + return force_tls_state_->IsEnabledForHost(host); +} + void SSLPolicyBackend::Reload() { controller_->Reload(true); } diff --git a/chrome/browser/ssl/ssl_policy_backend.h b/chrome/browser/ssl/ssl_policy_backend.h index f8a829c..2d84232 100644 --- a/chrome/browser/ssl/ssl_policy_backend.h +++ b/chrome/browser/ssl/ssl_policy_backend.h @@ -13,6 +13,9 @@ #include "net/base/x509_certificate.h" #include "webkit/api/public/WebConsoleMessage.h" +namespace net { +class ForceTLSState; +} class NavigationController; class SSLHostState; class Task; @@ -68,6 +71,9 @@ class SSLPolicyBackend { // Returns whether the specified host is allowed to show mixed content. bool DidAllowMixedContentForHost(const std::string& host) const; + // Returns whether ForceTLS is enabled for |host|. + bool IsForceTLSEnabledForHost(const std::string& host) const; + // Reloads the tab. void Reload(); @@ -112,6 +118,10 @@ class SSLPolicyBackend { // SSL state specific for each host. SSLHostState* ssl_host_state_; + // ForceTLS state. + // TODO(abarth): Consider combining with SSLHostState? + net::ForceTLSState* force_tls_state_; + // The list of messages that should be displayed (in info bars) when the page // currently loading had loaded. std::vector<SSLMessageInfo> pending_messages_; |