diff options
author | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-18 18:28:48 +0000 |
---|---|---|
committer | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-05-18 18:28:48 +0000 |
commit | b4e75c12dacc0922694b12b687a48dd2d973b595 (patch) | |
tree | 23d65e13ccf2fd9535ffb7ad965c5f2826efd6cc /chrome/browser/ssl | |
parent | 15ad5dcb44ab2049103f738625e4e5f2483d85da (diff) | |
download | chromium_src-b4e75c12dacc0922694b12b687a48dd2d973b595.zip chromium_src-b4e75c12dacc0922694b12b687a48dd2d973b595.tar.gz chromium_src-b4e75c12dacc0922694b12b687a48dd2d973b595.tar.bz2 |
Rename "mixed content" to "insecure content" in as many places as possible, to standardize on a consistent naming scheme.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/2069005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47531 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/ssl')
-rw-r--r-- | chrome/browser/ssl/ssl_browser_tests.cc | 110 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_manager.cc | 16 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_manager.h | 4 | ||||
-rw-r--r-- | chrome/browser/ssl/ssl_policy.cc | 12 |
4 files changed, 68 insertions, 74 deletions
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc index c02fe01..60abe55 100644 --- a/chrome/browser/ssl/ssl_browser_tests.cc +++ b/chrome/browser/ssl/ssl_browser_tests.cc @@ -34,14 +34,15 @@ class SSLUITest : public InProcessBrowserTest { } void CheckAuthenticatedState(TabContents* tab, - bool displayed_mixed_content) { + bool displayed_insecure_content) { NavigationEntry* entry = tab->controller().GetActiveEntry(); ASSERT_TRUE(entry); EXPECT_EQ(NavigationEntry::NORMAL_PAGE, entry->page_type()); EXPECT_EQ(SECURITY_STYLE_AUTHENTICATED, entry->ssl().security_style()); EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); - EXPECT_EQ(displayed_mixed_content, entry->ssl().displayed_mixed_content()); - EXPECT_FALSE(entry->ssl().ran_mixed_content()); + EXPECT_EQ(displayed_insecure_content, + entry->ssl().displayed_insecure_content()); + EXPECT_FALSE(entry->ssl().ran_insecure_content()); } void CheckUnauthenticatedState(TabContents* tab) { @@ -50,13 +51,13 @@ class SSLUITest : public InProcessBrowserTest { EXPECT_EQ(NavigationEntry::NORMAL_PAGE, entry->page_type()); EXPECT_EQ(SECURITY_STYLE_UNAUTHENTICATED, entry->ssl().security_style()); EXPECT_EQ(0, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); - EXPECT_FALSE(entry->ssl().displayed_mixed_content()); - EXPECT_FALSE(entry->ssl().ran_mixed_content()); + EXPECT_FALSE(entry->ssl().displayed_insecure_content()); + EXPECT_FALSE(entry->ssl().ran_insecure_content()); } void CheckAuthenticationBrokenState(TabContents* tab, int error, - bool ran_mixed_content, + bool ran_insecure_content, bool interstitial) { NavigationEntry* entry = tab->controller().GetActiveEntry(); ASSERT_TRUE(entry); @@ -69,8 +70,8 @@ class SSLUITest : public InProcessBrowserTest { // to SECURITY_STYLE_AUTHENTICATION_BROKEN. ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error); EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS); - EXPECT_FALSE(entry->ssl().displayed_mixed_content()); - EXPECT_EQ(ran_mixed_content, entry->ssl().ran_mixed_content()); + EXPECT_FALSE(entry->ssl().displayed_insecure_content()); + EXPECT_EQ(ran_insecure_content, entry->ssl().ran_insecure_content()); } void CheckWorkerLoadResult(TabContents* tab, bool expectLoaded) { @@ -369,34 +370,34 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTPSErrorWithNoNavEntry) { } // -// Mixed contents +// Insecure content // -// Visits a page that displays mixed content. -IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContent) { +// Visits a page that displays insecure content. +IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContent) { scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); ASSERT_TRUE(https_server.get() != NULL); scoped_refptr<HTTPTestServer> http_server = PlainServer(); ASSERT_TRUE(http_server.get() != NULL); - // Load a page that displays mixed content. + // Load a page that displays insecure content. ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage( - "files/ssl/page_displays_mixed_content.html")); + "files/ssl/page_displays_insecure_content.html")); CheckAuthenticatedState(browser()->GetSelectedTabContents(), true); } -// Visits a page that runs mixed content and tries to suppress the mixed content -// warnings by randomizing location.hash. +// Visits a page that runs insecure content and tries to suppress the insecure +// content warnings by randomizing location.hash. // Based on http://crbug.com/8706 -IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsMixedContentRandomizeHash) { +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecuredContentRandomizeHash) { scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); ASSERT_TRUE(https_server.get() != NULL); scoped_refptr<HTTPTestServer> http_server = PlainServer(); ASSERT_TRUE(http_server.get() != NULL); - ui_test_utils::NavigateToURL(browser(), - https_server->TestServerPage("files/ssl/page_runs_mixed_content.html")); + ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage( + "files/ssl/page_runs_insecure_content.html")); CheckAuthenticationBrokenState(browser()->GetSelectedTabContents(), 0, true, false); @@ -443,15 +444,16 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContents) { EXPECT_FALSE(js_result); } -// Visits a page with mixed content loaded by JS (after the initial page load). -IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentLoadedFromJS) { +// Visits a page with insecure content loaded by JS (after the initial page +// load). +IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentLoadedFromJS) { scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); ASSERT_TRUE(https_server.get() != NULL); scoped_refptr<HTTPTestServer> http_server = PlainServer(); ASSERT_TRUE(http_server.get() != NULL); ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage( - "files/ssl/page_with_dynamic_mixed_contents.html")); + "files/ssl/page_with_dynamic_insecure_content.html")); TabContents* tab = browser()->GetSelectedTabContents(); CheckAuthenticatedState(tab, false); @@ -462,14 +464,14 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentLoadedFromJS) { tab->render_view_host(), std::wstring(), L"loadBadImage();", &js_result)); EXPECT_TRUE(js_result); - // We should now have mixed-contents. + // We should now have insecure content. CheckAuthenticatedState(tab, true); } -// Visits two pages from the same origin: one that displays mixed content and -// one that doesn't. The test checks that we do not propagate the mixed content -// state from one to the other. -IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentTwoTabs) { +// Visits two pages from the same origin: one that displays insecure content and +// one that doesn't. The test checks that we do not propagate the insecure +// content state from one to the other. +IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysInsecureContentTwoTabs) { scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); ASSERT_TRUE(https_server.get() != NULL); scoped_refptr<HTTPTestServer> http_server = PlainServer(); @@ -485,23 +487,23 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysMixedContentTwoTabs) { // Create a new tab. GURL url = https_server->TestServerPage( - "files/ssl/page_displays_mixed_content.html"); + "files/ssl/page_displays_insecure_content.html"); TabContents* tab2 = browser()->AddTabWithURL(url, GURL(), PageTransition::TYPED, 0, Browser::ADD_SELECTED, tab1->GetSiteInstance(), std::string()); ui_test_utils::WaitForNavigation(&(tab2->controller())); - // The new tab has mixed content. + // The new tab has insecure content. CheckAuthenticatedState(tab2, true); // The original tab should not be contaminated. CheckAuthenticatedState(tab1, false); } -// Visits two pages from the same origin: one that runs mixed content and one -// that doesn't. The test checks that we propagate the mixed content state from -// one to the other. -IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsMixedContentTwoTabs) { +// Visits two pages from the same origin: one that runs insecure content and one +// that doesn't. The test checks that we propagate the insecure content state +// from one to the other. +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsInsecureContentTwoTabs) { scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); ASSERT_TRUE(https_server.get() != NULL); scoped_refptr<HTTPTestServer> http_server = PlainServer(); @@ -517,59 +519,59 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsMixedContentTwoTabs) { // Create a new tab. GURL url = - https_server->TestServerPage("files/ssl/page_runs_mixed_content.html"); + https_server->TestServerPage("files/ssl/page_runs_insecure_content.html"); TabContents* tab2 = browser()->AddTabWithURL(url, GURL(), PageTransition::TYPED, 0, Browser::ADD_SELECTED, tab1->GetSiteInstance(), std::string()); ui_test_utils::WaitForNavigation(&(tab2->controller())); - // The new tab has mixed content. + // The new tab has insecure content. CheckAuthenticationBrokenState(tab2, 0, true, false); // Which means the origin for the first tab has also been contaminated with - // mixed content. + // insecure content. CheckAuthenticationBrokenState(tab1, 0, true, false); } // Visits a page with an image over http. Visits another page over https // referencing that same image over http (hoping it is coming from the webcore // memory cache). -IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedMixedContent) { +IN_PROC_BROWSER_TEST_F(SSLUITest, TestDisplaysCachedInsecureContent) { scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); ASSERT_TRUE(https_server.get() != NULL); scoped_refptr<HTTPTestServer> http_server = PlainServer(); ASSERT_TRUE(http_server.get() != NULL); ui_test_utils::NavigateToURL(browser(), http_server->TestServerPage( - "files/ssl/page_displays_mixed_content.html")); + "files/ssl/page_displays_insecure_content.html")); TabContents* tab = browser()->GetSelectedTabContents(); CheckUnauthenticatedState(tab); - // Load again but over SSL. It should be marked as displaying mixed content - // (even though the image comes from the WebCore memory cache). + // Load again but over SSL. It should be marked as displaying insecure + // content (even though the image comes from the WebCore memory cache). ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage( - "files/ssl/page_displays_mixed_content.html")); + "files/ssl/page_displays_insecure_content.html")); CheckAuthenticatedState(tab, true); } // Visits a page with script over http. Visits another page over https // referencing that same script over http (hoping it is coming from the webcore // memory cache). -IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsCachedMixedContent) { +IN_PROC_BROWSER_TEST_F(SSLUITest, TestRunsCachedInsecureContent) { scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); ASSERT_TRUE(https_server.get() != NULL); scoped_refptr<HTTPTestServer> http_server = PlainServer(); ASSERT_TRUE(http_server.get() != NULL); ui_test_utils::NavigateToURL(browser(), - http_server->TestServerPage("files/ssl/page_runs_mixed_content.html")); + http_server->TestServerPage("files/ssl/page_runs_insecure_content.html")); TabContents* tab = browser()->GetSelectedTabContents(); CheckUnauthenticatedState(tab); - // Load again but over SSL. It should be marked as displaying mixed content - // (even though the image comes from the WebCore memory cache). - ui_test_utils::NavigateToURL(browser(), - https_server->TestServerPage("files/ssl/page_runs_mixed_content.html")); + // Load again but over SSL. It should be marked as displaying insecure + // content (even though the image comes from the WebCore memory cache). + ui_test_utils::NavigateToURL(browser(), https_server->TestServerPage( + "files/ssl/page_runs_insecure_content.html")); CheckAuthenticationBrokenState(tab, 0, true, false); } @@ -808,8 +810,8 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestConnectToBadPort) { // - navigate to an OK HTTPS frame // - navigate to a bad HTTPS (expect unsafe content and filtered frame), then // back -// - navigate to HTTP (expect mixed content), then back -IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestGoodFrameNavigation) { +// - navigate to HTTP (expect insecure content), then back +IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestGoodFrameNavigation) { scoped_refptr<HTTPTestServer> http_server = PlainServer(); ASSERT_TRUE(http_server.get() != NULL); scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer(); @@ -869,7 +871,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, DISABLED_TestGoodFrameNavigation) { EXPECT_TRUE(success); ui_test_utils::WaitForNavigation(&tab->controller()); - // Our state should be mixed-content. + // Our state should be insecure. CheckAuthenticatedState(tab, true); // Go back, our state should be unchanged. @@ -972,7 +974,7 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorkerFiltered) { ui_test_utils::NavigateToURL(browser(), good_https_server->TestServerPage( "files/ssl/page_with_unsafe_worker.html")); TabContents* tab = browser()->GetSelectedTabContents(); - // Expect Worker not to load mixed content. + // Expect Worker not to load insecure content. CheckWorkerLoadResult(tab, false); // The bad content is filtered, expect the state to be authenticated. CheckAuthenticatedState(tab, false); @@ -997,11 +999,11 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorker) { false); // No Interstitial // Navigate to safe page that has Worker loading unsafe content. - // Expect content to load but be marked as auth broken due to running mixed + // Expect content to load but be marked as auth broken due to running insecure // content. ui_test_utils::NavigateToURL(browser(), good_https_server->TestServerPage( "files/ssl/page_with_unsafe_worker.html")); - CheckWorkerLoadResult(tab, true); // Worker loads mixed content + CheckWorkerLoadResult(tab, true); // Worker loads insecure content CheckAuthenticationBrokenState(tab, 0, true, false); } @@ -1009,9 +1011,9 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, FLAKY_TestUnsafeContentsInWorker) { // Visit a page over https that contains a frame with a redirect. -// XMLHttpRequest mixed in synchronous mode. +// XMLHttpRequest insecure content in synchronous mode. -// XMLHttpRequest mixed in asynchronous mode. +// XMLHttpRequest insecure content in asynchronous mode. // XMLHttpRequest over bad ssl in synchronous mode. diff --git a/chrome/browser/ssl/ssl_manager.cc b/chrome/browser/ssl/ssl_manager.cc index 99729b6..333d8b2 100644 --- a/chrome/browser/ssl/ssl_manager.cc +++ b/chrome/browser/ssl/ssl_manager.cc @@ -23,12 +23,6 @@ #include "net/base/cert_status_flags.h" // static -void SSLManager::RegisterUserPrefs(PrefService* prefs) { - prefs->RegisterIntegerPref(prefs::kMixedContentFiltering, - FilterPolicy::DONT_FILTER); -} - -// static void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh, URLRequest* request, int cert_error, @@ -256,11 +250,11 @@ void SSLManager::DidStartResourceResponse(ResourceRequestDetails* details) { } void SSLManager::DidReceiveResourceRedirect(ResourceRedirectDetails* details) { - // TODO(abarth): Make sure our redirect behavior is correct. If we ever see - // a non-HTTPS resource in the redirect chain, we want to - // trigger mixed content, even if the redirect chain goes back - // to HTTPS. This is because the network attacker can redirect - // the HTTP request to https://attacker.com/payload.js. + // TODO(abarth): Make sure our redirect behavior is correct. If we ever see a + // non-HTTPS resource in the redirect chain, we want to trigger + // insecure content, even if the redirect chain goes back to + // HTTPS. This is because the network attacker can redirect the + // HTTP request to https://attacker.com/payload.js. } void SSLManager::DidChangeSSLInternalState() { diff --git a/chrome/browser/ssl/ssl_manager.h b/chrome/browser/ssl/ssl_manager.h index 7d6c134..7ee110e 100644 --- a/chrome/browser/ssl/ssl_manager.h +++ b/chrome/browser/ssl/ssl_manager.h @@ -38,8 +38,6 @@ class URLRequest; class SSLManager : public NotificationObserver { public: - static void RegisterUserPrefs(PrefService* prefs); - // Entry point for SSLCertificateErrors. This function begins the process // of resolving a certificate error during an SSL connection. SSLManager // will adjust the security UI and either call |Cancel| or @@ -84,7 +82,7 @@ class SSLManager : public NotificationObserver { // are notified of this event. void DidCommitProvisionalLoad(const NotificationDetails& details); - // Mixed content entry point. + // Insecure content entry point. void DidRunInsecureContent(const std::string& security_origin); // Called to determine if there were any processed SSL errors from request. diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc index 4405972..768422f 100644 --- a/chrome/browser/ssl/ssl_policy.cc +++ b/chrome/browser/ssl/ssl_policy.cc @@ -125,13 +125,13 @@ void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) { if (info->resource_type() != ResourceType::MAIN_FRAME && info->resource_type() != ResourceType::SUB_FRAME) { - // The frame's origin now contains mixed content and therefore is broken. + // The frame's origin now contains insecure content. OriginRanInsecureContent(info->frame_origin(), info->child_id()); } if (info->resource_type() != ResourceType::MAIN_FRAME) { - // The main frame now contains a frame with mixed content. Therefore, we - // mark the main frame's origin as broken too. + // The main frame now contains a frame with insecure content. Therefore, + // we mark the main frame's origin as broken too. OriginRanInsecureContent(info->main_frame_origin(), info->child_id()); } } @@ -165,17 +165,17 @@ void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) { SiteInstance* site_instance = entry->site_instance(); // Note that |site_instance| can be NULL here because NavigationEntries don't // necessarily have site instances. Without a process, the entry can't - // possibly have mixed content. See bug http://crbug.com/12423. + // possibly have insecure content. See bug http://crbug.com/12423. if (site_instance && backend_->DidHostRunInsecureContent(entry->url().host(), site_instance->GetProcess()->id())) { entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); - entry->ssl().set_ran_mixed_content(); + entry->ssl().set_ran_insecure_content(); return; } if (tab_contents->displayed_insecure_content()) - entry->ssl().set_displayed_mixed_content(); + entry->ssl().set_displayed_insecure_content(); } //////////////////////////////////////////////////////////////////////////////// |