summaryrefslogtreecommitdiffstats
path: root/chrome_frame
diff options
context:
space:
mode:
authorananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-28 21:15:36 +0000
committerananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-09-28 21:15:36 +0000
commit00cc740755b45f1d80ab46a73f6018149db79999 (patch)
treec661d937128049ed4b16711a56e40699215c960c /chrome_frame
parent8e3e63f62e7e088b7276c3f3cde47be3f06565d6 (diff)
downloadchromium_src-00cc740755b45f1d80ab46a73f6018149db79999.zip
chromium_src-00cc740755b45f1d80ab46a73f6018149db79999.tar.gz
chromium_src-00cc740755b45f1d80ab46a73f6018149db79999.tar.bz2
We need to return S_FALSE in our IHttpSecurity::OnSecurityProblem implementation for certificate errors
to be displayed in IE6. This is because on IE6 the default IBindStatusCallback implementation in MSHTML implements the IWindowForBindingUI interface only thus resulting in the error dialog being displayed. We emulate this by returning S_FALSE in OnSecurityProblem for IE6. This should fix the IE6 issue reported in bug http://b/issue?id=2059540 Bug=2059540 Review URL: http://codereview.chromium.org/220041 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27408 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame')
-rw-r--r--chrome_frame/urlmon_url_request.cc32
1 files changed, 20 insertions, 12 deletions
diff --git a/chrome_frame/urlmon_url_request.cc b/chrome_frame/urlmon_url_request.cc
index f51da418..a745774 100644
--- a/chrome_frame/urlmon_url_request.cc
+++ b/chrome_frame/urlmon_url_request.cc
@@ -10,6 +10,7 @@
#include "base/string_util.h"
#include "base/logging.h"
#include "chrome_frame/urlmon_upload_data_stream.h"
+#include "ie_alt_tab/utils.h"
#include "net/http/http_util.h"
#include "net/http/http_response_headers.h"
@@ -337,19 +338,19 @@ STDMETHODIMP UrlmonUrlRequest::OnResponse(DWORD dwResponseCode,
std::string raw_headers = WideToUTF8(response_headers);
// Security check for frame busting headers. We don't honor the headers
- // as-such, but instead simply kill requests which we've been asked to
- // look for. This puts the onus on the user of the UrlRequest to specify
- // whether or not requests should be inspected. For ActiveDocuments, the
- // answer is "no", since WebKit's detection/handling is sufficient and since
- // ActiveDocuments cannot be hosted as iframes. For NPAPI and ActiveX
- // documents, the Initialize() function of the PluginUrlRequest object
- // allows them to specify how they'd like requests handled. Both should
+ // as-such, but instead simply kill requests which we've been asked to
+ // look for. This puts the onus on the user of the UrlRequest to specify
+ // whether or not requests should be inspected. For ActiveDocuments, the
+ // answer is "no", since WebKit's detection/handling is sufficient and since
+ // ActiveDocuments cannot be hosted as iframes. For NPAPI and ActiveX
+ // documents, the Initialize() function of the PluginUrlRequest object
+ // allows them to specify how they'd like requests handled. Both should
// set enable_frame_busting_ to true to avoid CSRF attacks.
- // Should WebKit's handling of this ever change, we will need to re-visit
- // how and when frames are killed to better mirror a policy which may
+ // Should WebKit's handling of this ever change, we will need to re-visit
+ // how and when frames are killed to better mirror a policy which may
// do something other than kill the sub-document outright.
- // NOTE(slightlyoff): We don't use net::HttpResponseHeaders here because
+ // NOTE(slightlyoff): We don't use net::HttpResponseHeaders here because
// of lingering ICU/base_noicu issues.
if (frame_busting_enabled_ &&
net::HttpUtil::HasHeader(raw_headers, kXFrameOptionsHeader)) {
@@ -453,6 +454,13 @@ STDMETHODIMP UrlmonUrlRequest::OnSecurityProblem(DWORD problem) {
// causes Urlmon to display a dialog box on the same lines as IE6.
DLOG(INFO) << __FUNCTION__ << " Security problem : " << problem;
+ // On IE6 the default IBindStatusCallback interface does not implement the
+ // IHttpSecurity interface and thus causes IE to put up a certificate error
+ // dialog box. We need to emulate this behavior for sites with mismatched
+ // certificates to work.
+ if (GetIEVersion() == IE_6)
+ return S_FALSE;
+
HRESULT hr = E_ABORT;
switch (problem) {
@@ -722,8 +730,8 @@ net::Error UrlmonUrlRequest::HresultToNetError(HRESULT hr) {
break;
case INET_E_RESOURCE_NOT_FOUND:
- // To behave more closely to the chrome network stack, we translate this
- // error value as tunnel connection failed. This error value is tested
+ // To behave more closely to the chrome network stack, we translate this
+ // error value as tunnel connection failed. This error value is tested
// in the ProxyTunnelRedirectTest and UnexpectedServerAuthTest tests.
ret = net::ERR_TUNNEL_CONNECTION_FAILED;
break;