summaryrefslogtreecommitdiffstats
path: root/chrome/browser/ssl
diff options
context:
space:
mode:
authorpkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-05-18 18:28:48 +0000
committerpkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-05-18 18:28:48 +0000
commitb4e75c12dacc0922694b12b687a48dd2d973b595 (patch)
tree23d65e13ccf2fd9535ffb7ad965c5f2826efd6cc /chrome/browser/ssl
parent15ad5dcb44ab2049103f738625e4e5f2483d85da (diff)
downloadchromium_src-b4e75c12dacc0922694b12b687a48dd2d973b595.zip
chromium_src-b4e75c12dacc0922694b12b687a48dd2d973b595.tar.gz
chromium_src-b4e75c12dacc0922694b12b687a48dd2d973b595.tar.bz2
Rename "mixed content" to "insecure content" in as many places as possible, to standardize on a consistent naming scheme.
BUG=none TEST=none Review URL: http://codereview.chromium.org/2069005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47531 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ssl')
-rw-r--r--chrome/browser/ssl/ssl_browser_tests.cc110
-rw-r--r--chrome/browser/ssl/ssl_manager.cc16
-rw-r--r--chrome/browser/ssl/ssl_manager.h4
-rw-r--r--chrome/browser/ssl/ssl_policy.cc12
4 files changed, 68 insertions, 74 deletions
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index c02fe01..60abe55 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -34,14 +34,15 @@ class SSLUITest : public InProcessBrowserTest {
}
void CheckAuthenticatedState(TabContents* tab,
- bool displayed_mixed_content) {
+ bool displayed_insecure_content) {
NavigationEntry* entry = tab->controller().GetActiveEntry();
ASSERT_TRUE(entry);
EXPECT_EQ(NavigationEntry::NORMAL_PAGE, entry->page_type());
EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, entry->ssl().security_style());
EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
- EXPECT_EQ(displayed_mixed_content, entry->ssl().displayed_mixed_content());
- EXPECT_FALSE(entry->ssl().ran_mixed_content());
+ EXPECT_EQ(displayed_insecure_content,
+ entry->ssl().displayed_insecure_content());
+ EXPECT_FALSE(entry->ssl().ran_insecure_content());
}
void CheckUnauthenticatedState(TabContents* tab) {
@@ -50,13 +51,13 @@ class SSLUITest : public InProcessBrowserTest {
EXPECT_EQ(NavigationEntry::NORMAL_PAGE, entry->page_type());
EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, entry->ssl().security_style());
EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
- EXPECT_FALSE(entry->ssl().displayed_mixed_content());
- EXPECT_FALSE(entry->ssl().ran_mixed_content());
+ EXPECT_FALSE(entry->ssl().displayed_insecure_content());
+ EXPECT_FALSE(entry->ssl().ran_insecure_content());
}
void CheckAuthenticationBrokenState(TabContents* tab,
int error,
- bool ran_mixed_content,
+ bool ran_insecure_content,
bool interstitial) {
NavigationEntry* entry = tab->controller().GetActiveEntry();
ASSERT_TRUE(entry);
@@ -69,8 +70,8 @@ class SSLUITest : public InProcessBrowserTest {
// to SECURITY_STYLE_AUTHENTICATION_BROKEN.
ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
- EXPECT_FALSE(entry->ssl().displayed_mixed_content());
- EXPECT_EQ(ran_mixed_content, entry->ssl().ran_mixed_content());
+ EXPECT_FALSE(entry->ssl().displayed_insecure_content());
+ EXPECT_EQ(ran_insecure_content, entry->ssl().ran_insecure_content());
}
void CheckWorkerLoadResult(TabContents* tab, bool expectLoaded) {
@@ -369,34 +370,34 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSErrorWithNoNavEntry) {
}
//
-// Mixed contents
+// Insecure content
//
-// Visits a page that displays mixed content.
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContent) {
+// Visits a page that displays insecure content.
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContent) {
scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
ASSERT_TRUE(https_server.get() != NULL);
scoped_refptr<HTTPTestServer> http_server = PlainServer();
ASSERT_TRUE(http_server.get() != NULL);
- // Load a page that displays mixed content.
+ // Load a page that displays insecure content.
ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage(
- "files/ssl/page_displays_mixed_content.html"));
+ "files/ssl/page_displays_insecure_content.html"));
CheckAuthenticatedState(browser()->GetSelectedTabContents(), true);
}
-// Visits a page that runs mixed content and tries to suppress the mixed content
-// warnings by randomizing location.hash.
+// Visits a page that runs insecure content and tries to suppress the insecure
+// content warnings by randomizing location.hash.
// Based on http://crbug.com/8706
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsMixedContentRandomizeHash) {
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecuredContentRandomizeHash) {
scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
ASSERT_TRUE(https_server.get() != NULL);
scoped_refptr<HTTPTestServer> http_server = PlainServer();
ASSERT_TRUE(http_server.get() != NULL);
- ui_test_utils::NavigateToURL(browser(),
- https_server->TestServerPage("files/ssl/page_runs_mixed_content.html"));
+ ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage(
+ "files/ssl/page_runs_insecure_content.html"));
CheckAuthenticationBrokenState(browser()->GetSelectedTabContents(), 0, true,
false);
@@ -443,15 +444,16 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContents) {
EXPECT_FALSE(js_result);
}
-// Visits a page with mixed content loaded by JS (after the initial page load).
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentLoadedFromJS) {
+// Visits a page with insecure content loaded by JS (after the initial page
+// load).
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) {
scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
ASSERT_TRUE(https_server.get() != NULL);
scoped_refptr<HTTPTestServer> http_server = PlainServer();
ASSERT_TRUE(http_server.get() != NULL);
ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage(
- "files/ssl/page_with_dynamic_mixed_contents.html"));
+ "files/ssl/page_with_dynamic_insecure_content.html"));
TabContents* tab = browser()->GetSelectedTabContents();
CheckAuthenticatedState(tab, false);
@@ -462,14 +464,14 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentLoadedFromJS) {
tab->render_view_host(), std::wstring(), L"loadBadImage();", &js_result));
EXPECT_TRUE(js_result);
- // We should now have mixed-contents.
+ // We should now have insecure content.
CheckAuthenticatedState(tab, true);
}
-// Visits two pages from the same origin: one that displays mixed content and
-// one that doesn't. The test checks that we do not propagate the mixed content
-// state from one to the other.
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentTwoTabs) {
+// Visits two pages from the same origin: one that displays insecure content and
+// one that doesn't. The test checks that we do not propagate the insecure
+// content state from one to the other.
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) {
scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
ASSERT_TRUE(https_server.get() != NULL);
scoped_refptr<HTTPTestServer> http_server = PlainServer();
@@ -485,23 +487,23 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentTwoTabs) {
// Create a new tab.
GURL url = https_server->TestServerPage(
- "files/ssl/page_displays_mixed_content.html");
+ "files/ssl/page_displays_insecure_content.html");
TabContents* tab2 = browser()->AddTabWithURL(url, GURL(),
PageTransition::TYPED, 0, Browser::ADD_SELECTED, tab1->GetSiteInstance(),
std::string());
ui_test_utils::WaitForNavigation(&(tab2->controller()));
- // The new tab has mixed content.
+ // The new tab has insecure content.
CheckAuthenticatedState(tab2, true);
// The original tab should not be contaminated.
CheckAuthenticatedState(tab1, false);
}
-// Visits two pages from the same origin: one that runs mixed content and one
-// that doesn't. The test checks that we propagate the mixed content state from
-// one to the other.
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsMixedContentTwoTabs) {
+// Visits two pages from the same origin: one that runs insecure content and one
+// that doesn't. The test checks that we propagate the insecure content state
+// from one to the other.
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) {
scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
ASSERT_TRUE(https_server.get() != NULL);
scoped_refptr<HTTPTestServer> http_server = PlainServer();
@@ -517,59 +519,59 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsMixedContentTwoTabs) {
// Create a new tab.
GURL url =
- https_server->TestServerPage("files/ssl/page_runs_mixed_content.html");
+ https_server->TestServerPage("files/ssl/page_runs_insecure_content.html");
TabContents* tab2 = browser()->AddTabWithURL(url, GURL(),
PageTransition::TYPED, 0, Browser::ADD_SELECTED, tab1->GetSiteInstance(),
std::string());
ui_test_utils::WaitForNavigation(&(tab2->controller()));
- // The new tab has mixed content.
+ // The new tab has insecure content.
CheckAuthenticationBrokenState(tab2, 0, true, false);
// Which means the origin for the first tab has also been contaminated with
- // mixed content.
+ // insecure content.
CheckAuthenticationBrokenState(tab1, 0, true, false);
}
// Visits a page with an image over http. Visits another page over https
// referencing that same image over http (hoping it is coming from the webcore
// memory cache).
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedMixedContent) {
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) {
scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
ASSERT_TRUE(https_server.get() != NULL);
scoped_refptr<HTTPTestServer> http_server = PlainServer();
ASSERT_TRUE(http_server.get() != NULL);
ui_test_utils::NavigateToURL(browser(), http_server->TestServerPage(
- "files/ssl/page_displays_mixed_content.html"));
+ "files/ssl/page_displays_insecure_content.html"));
TabContents* tab = browser()->GetSelectedTabContents();
CheckUnauthenticatedState(tab);
- // Load again but over SSL. It should be marked as displaying mixed content
- // (even though the image comes from the WebCore memory cache).
+ // Load again but over SSL. It should be marked as displaying insecure
+ // content (even though the image comes from the WebCore memory cache).
ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage(
- "files/ssl/page_displays_mixed_content.html"));
+ "files/ssl/page_displays_insecure_content.html"));
CheckAuthenticatedState(tab, true);
}
// Visits a page with script over http. Visits another page over https
// referencing that same script over http (hoping it is coming from the webcore
// memory cache).
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsCachedMixedContent) {
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsCachedInsecureContent) {
scoped_refptr<HTTPSTestServer> https_server = GoodCertServer();
ASSERT_TRUE(https_server.get() != NULL);
scoped_refptr<HTTPTestServer> http_server = PlainServer();
ASSERT_TRUE(http_server.get() != NULL);
ui_test_utils::NavigateToURL(browser(),
- http_server->TestServerPage("files/ssl/page_runs_mixed_content.html"));
+ http_server->TestServerPage("files/ssl/page_runs_insecure_content.html"));
TabContents* tab = browser()->GetSelectedTabContents();
CheckUnauthenticatedState(tab);
- // Load again but over SSL. It should be marked as displaying mixed content
- // (even though the image comes from the WebCore memory cache).
- ui_test_utils::NavigateToURL(browser(),
- https_server->TestServerPage("files/ssl/page_runs_mixed_content.html"));
+ // Load again but over SSL. It should be marked as displaying insecure
+ // content (even though the image comes from the WebCore memory cache).
+ ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage(
+ "files/ssl/page_runs_insecure_content.html"));
CheckAuthenticationBrokenState(tab, 0, true, false);
}
@@ -808,8 +810,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) {
// - navigate to an OK HTTPS frame
// - navigate to a bad HTTPS (expect unsafe content and filtered frame), then
// back
-// - navigate to HTTP (expect mixed content), then back
-IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestGoodFrameNavigation) {
+// - navigate to HTTP (expect insecure content), then back
+IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestGoodFrameNavigation) {
scoped_refptr<HTTPTestServer> http_server = PlainServer();
ASSERT_TRUE(http_server.get() != NULL);
scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer();
@@ -869,7 +871,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestGoodFrameNavigation) {
EXPECT_TRUE(success);
ui_test_utils::WaitForNavigation(&tab->controller());
- // Our state should be mixed-content.
+ // Our state should be insecure.
CheckAuthenticatedState(tab, true);
// Go back, our state should be unchanged.
@@ -972,7 +974,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorkerFiltered) {
ui_test_utils::NavigateToURL(browser(), good_https_server->TestServerPage(
"files/ssl/page_with_unsafe_worker.html"));
TabContents* tab = browser()->GetSelectedTabContents();
- // Expect Worker not to load mixed content.
+ // Expect Worker not to load insecure content.
CheckWorkerLoadResult(tab, false);
// The bad content is filtered, expect the state to be authenticated.
CheckAuthenticatedState(tab, false);
@@ -997,11 +999,11 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorker) {
false); // No Interstitial
// Navigate to safe page that has Worker loading unsafe content.
- // Expect content to load but be marked as auth broken due to running mixed
+ // Expect content to load but be marked as auth broken due to running insecure
// content.
ui_test_utils::NavigateToURL(browser(), good_https_server->TestServerPage(
"files/ssl/page_with_unsafe_worker.html"));
- CheckWorkerLoadResult(tab, true); // Worker loads mixed content
+ CheckWorkerLoadResult(tab, true); // Worker loads insecure content
CheckAuthenticationBrokenState(tab, 0, true, false);
}
@@ -1009,9 +1011,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorker) {
// Visit a page over https that contains a frame with a redirect.
-// XMLHttpRequest mixed in synchronous mode.
+// XMLHttpRequest insecure content in synchronous mode.
-// XMLHttpRequest mixed in asynchronous mode.
+// XMLHttpRequest insecure content in asynchronous mode.
// XMLHttpRequest over bad ssl in synchronous mode.
diff --git a/chrome/browser/ssl/ssl_manager.cc b/chrome/browser/ssl/ssl_manager.cc
index 99729b6..333d8b2 100644
--- a/chrome/browser/ssl/ssl_manager.cc
+++ b/chrome/browser/ssl/ssl_manager.cc
@@ -23,12 +23,6 @@
#include "net/base/cert_status_flags.h"
// static
-void SSLManager::RegisterUserPrefs(PrefService* prefs) {
- prefs->RegisterIntegerPref(prefs::kMixedContentFiltering,
- FilterPolicy::DONT_FILTER);
-}
-
-// static
void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh,
URLRequest* request,
int cert_error,
@@ -256,11 +250,11 @@ void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) {
}
void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) {
- // TODO(abarth): Make sure our redirect behavior is correct. If we ever see
- // a non-HTTPS resource in the redirect chain, we want to
- // trigger mixed content, even if the redirect chain goes back
- // to HTTPS. This is because the network attacker can redirect
- // the HTTP request to https://attacker.com/payload.js.
+ // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a
+ // non-HTTPS resource in the redirect chain, we want to trigger
+ // insecure content, even if the redirect chain goes back to
+ // HTTPS. This is because the network attacker can redirect the
+ // HTTP request to https://attacker.com/payload.js.
}
void SSLManager::DidChangeSSLInternalState() {
diff --git a/chrome/browser/ssl/ssl_manager.h b/chrome/browser/ssl/ssl_manager.h
index 7d6c134..7ee110e 100644
--- a/chrome/browser/ssl/ssl_manager.h
+++ b/chrome/browser/ssl/ssl_manager.h
@@ -38,8 +38,6 @@ class URLRequest;
class SSLManager : public NotificationObserver {
public:
- static void RegisterUserPrefs(PrefService* prefs);
-
// Entry point for SSLCertificateErrors. This function begins the process
// of resolving a certificate error during an SSL connection. SSLManager
// will adjust the security UI and either call |Cancel| or
@@ -84,7 +82,7 @@ class SSLManager : public NotificationObserver {
// are notified of this event.
void DidCommitProvisionalLoad(const NotificationDetails& details);
- // Mixed content entry point.
+ // Insecure content entry point.
void DidRunInsecureContent(const std::string& security_origin);
// Called to determine if there were any processed SSL errors from request.
diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc
index 4405972..768422f 100644
--- a/chrome/browser/ssl/ssl_policy.cc
+++ b/chrome/browser/ssl/ssl_policy.cc
@@ -125,13 +125,13 @@ void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) {
if (info->resource_type() != ResourceType::MAIN_FRAME &&
info->resource_type() != ResourceType::SUB_FRAME) {
- // The frame's origin now contains mixed content and therefore is broken.
+ // The frame's origin now contains insecure content.
OriginRanInsecureContent(info->frame_origin(), info->child_id());
}
if (info->resource_type() != ResourceType::MAIN_FRAME) {
- // The main frame now contains a frame with mixed content. Therefore, we
- // mark the main frame's origin as broken too.
+ // The main frame now contains a frame with insecure content. Therefore,
+ // we mark the main frame's origin as broken too.
OriginRanInsecureContent(info->main_frame_origin(), info->child_id());
}
}
@@ -165,17 +165,17 @@ void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) {
SiteInstance* site_instance = entry->site_instance();
// Note that |site_instance| can be NULL here because NavigationEntries don't
// necessarily have site instances. Without a process, the entry can't
- // possibly have mixed content. See bug http://crbug.com/12423.
+ // possibly have insecure content. See bug http://crbug.com/12423.
if (site_instance &&
backend_->DidHostRunInsecureContent(entry->url().host(),
site_instance->GetProcess()->id())) {
entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
- entry->ssl().set_ran_mixed_content();
+ entry->ssl().set_ran_insecure_content();
return;
}
if (tab_contents->displayed_insecure_content())
- entry->ssl().set_displayed_mixed_content();
+ entry->ssl().set_displayed_insecure_content();
}
////////////////////////////////////////////////////////////////////////////////