authorwtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-09-16 23:19:34 +0000
committerwtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-09-16 23:19:34 +0000
commit608a1ee877776d5c4c0c239c2ab1867a1a7c61b3 (patch)
tree2a3bdb35143bd76a9998e889dea7c7b1cc8d90fa /chrome/browser
parentbb100cb03f67173a17124527bfd899ff607db361 (diff)
Always block the request for a sub-resource with an
SSL certificate error. R=abarth,jcampan BUG=2316 Review URL: http://codereview.chromium.org/3091 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2291 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r--chrome/browser/ssl_policy.cc19
1 files changed, 5 insertions, 14 deletions
diff --git a/chrome/browser/ssl_policy.cc b/chrome/browser/ssl_policy.cc
index dbcfb75..d75b895 100644
--- a/chrome/browser/ssl_policy.cc
+++ b/chrome/browser/ssl_policy.cc
@@ -284,20 +284,11 @@ class DefaultPolicy : public SSLPolicy {
// page is shown to the user every time he comes back to the page.
case net::X509Certificate::Policy::UNKNOWN:
if (error->resource_type() != ResourceType::MAIN_FRAME) {
- if (main_frame_url.SchemeIsSecure() &&
- !error->manager()->CanShowInsecureContent(main_frame_url)) {
- error->manager()->ShowMessageWithLink(
- l10n_util::GetString(IDS_SSL_INFO_BAR_FILTERED_CONTENT),
- l10n_util::GetString(IDS_SSL_INFO_BAR_SHOW_CONTENT),
- new ShowUnsafeContentTask(main_frame_url, error));
- error->DenyRequest();
- } else {
- // TODO(jcampan): if we get a bad HTTPS resource from a secure
- // frame in an insecure page, it might compromise any other page
- // from the secure frame domain, we should change their style to
- // insecure, or just filter the resource and show an info-bar.
- error->ContinueRequest();
- }
+ // A sub-resource has a certificate error. The user doesn't really
+ // have a context for making the right decision, so block the
+ // request hard, without an info bar to allow showing the insecure
+ // content.
+ error->DenyRequest();
break;
}
// We don't know how to handle this error. Ask our sub-policies.
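Review bot: The new comment above `error->DenyRequest()` gives the usability reason for blocking but not the security one, and it drops the case the removed TODO recorded, where a bad-HTTPS sub-resource inside an insecure page used to reach `ContinueRequest()`. I would extend it with something like `// This applies whatever the main frame's scheme is: a sub-resource served over a bad certificate may be attacker-controlled, so it is never loaded.` so the next reader does not reintroduce the scheme check. The denial is now silent, with no info bar and no log statement visible in this hunk, so a page that breaks because of it leaves nothing to diagnose from; a warning-level log line before the `DenyRequest()` call would help. The switch and its enclosing method start and end outside the hunk, so it is worth confirming that `ShowUnsafeContentTask` and the two info-bar string IDs still have other users, and that the neighbouring cases for this policy enum treat sub-resources consistently with this one.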