diff options
| author | estark <estark@chromium.org> | 2015-07-28 15:42:46 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-07-28 22:43:18 +0000 |
| commit | 0c388aaf008fe3549e436fdfa3b2d2ee95b9a011 (patch) | |
| tree | a19334865538c338914fc5edbe492a63be997a86 /content/browser/ssl/ssl_policy.cc | |
| parent | 772c9c76dd4af50f697e67751867686c15321435 (diff) | |
| download | chromium_src-0c388aaf008fe3549e436fdfa3b2d2ee95b9a011.zip chromium_src-0c388aaf008fe3549e436fdfa3b2d2ee95b9a011.tar.gz chromium_src-0c388aaf008fe3549e436fdfa3b2d2ee95b9a011.tar.bz2 | |
Revert of Attach a SecurityStyle to each request in ResourceLoader (patchset #9 id:160001 of https://codereview.chromium.org/1244863003/)
Reason for revert:
SecurityStyleChanged browser test is flaky after this change: http://build.chromium.org/p/chromium.linux/builders/Linux%20Tests
Original issue's description:
> Attach a SecurityStyle to each request in ResourceLoader
>
> This CL adds a SecurityStyle to the serialized security information that
> is sent with each request from the browser to the renderer. The
> SecurityStyle describes the individual resource, not any bigger-picture
> concerns like mixed content. The per-request SecurityStyle will be
> displayed in DevTools to help developers diagnose SSL issues on
> subresources.
>
> BUG=502118, 445234
>
> Committed: https://crrev.com/5318895a4dd623caf5d152461684935c6e874e12
> Cr-Commit-Position: refs/heads/master@{#340762}
TBR=creis@chromium.org,davidben@chromium.org,palmer@chromium.org,msw@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=502118, 445234
Review URL: https://codereview.chromium.org/1259253009
Cr-Commit-Position: refs/heads/master@{#340785}
Diffstat (limited to 'content/browser/ssl/ssl_policy.cc')
| -rw-r--r-- | content/browser/ssl/ssl_policy.cc | 48 |
1 files changed, 22 insertions, 26 deletions
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc index 8804409..f038444 100644 --- a/content/browser/ssl/ssl_policy.cc +++ b/content/browser/ssl/ssl_policy.cc @@ -19,12 +19,11 @@ #include "content/browser/ssl/ssl_request_info.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/public/browser/content_browser_client.h" -#include "content/public/browser/web_contents.h" #include "content/public/common/resource_type.h" #include "content/public/common/ssl_status.h" #include "content/public/common/url_constants.h" #include "net/ssl/ssl_info.h" -#include "url/gurl.h" + namespace content { @@ -139,22 +138,37 @@ void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) { } void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry, - WebContents* web_contents) { + WebContentsImpl* web_contents) { DCHECK(entry); InitializeEntryIfNeeded(entry); - if (entry->GetSSL().security_style == SECURITY_STYLE_UNAUTHENTICATED) + if (!entry->GetURL().SchemeIsCryptographic()) return; if (!web_contents->DisplayedInsecureContent()) entry->GetSSL().content_status &= ~SSLStatus::DISPLAYED_INSECURE_CONTENT; + // An HTTPS response may not have a certificate for some reason. When that + // happens, use the unauthenticated (HTTP) rather than the authentication + // broken security style so that we can detect this error condition. + if (!entry->GetSSL().cert_id) { + entry->GetSSL().security_style = SECURITY_STYLE_UNAUTHENTICATED; + return; + } + if (web_contents->DisplayedInsecureContent()) entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT; - if (entry->GetSSL().security_style == SECURITY_STYLE_AUTHENTICATION_BROKEN) + if (net::IsCertStatusError(entry->GetSSL().cert_status)) { + // Minor errors don't lower the security style to + // SECURITY_STYLE_AUTHENTICATION_BROKEN. + if (!net::IsCertStatusMinorError(entry->GetSSL().cert_status)) { + entry->GetSSL().security_style = + SECURITY_STYLE_AUTHENTICATION_BROKEN; + } return; + } SiteInstance* site_instance = entry->site_instance(); // Note that |site_instance| can be NULL here because NavigationEntries don't @@ -170,25 +184,6 @@ void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry, } } -// Static -SecurityStyle SSLPolicy::GetSecurityStyleForResource(const GURL& url, - const SSLStatus& ssl) { - // An HTTPS response may not have a certificate for some reason. When that - // happens, use the unauthenticated (HTTP) rather than the authentication - // broken security style so that we can detect this error condition. - if (!url.SchemeIsCryptographic() || !ssl.cert_id) - return SECURITY_STYLE_UNAUTHENTICATED; - - // Minor errors don't lower the security style to - // SECURITY_STYLE_AUTHENTICATION_BROKEN. - if (net::IsCertStatusError(ssl.cert_status) && - !net::IsCertStatusMinorError(ssl.cert_status)) { - return SECURITY_STYLE_AUTHENTICATION_BROKEN; - } - - return SECURITY_STYLE_AUTHENTICATED; -} - void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler, bool allow) { DCHECK(handler->ssl_info().is_valid()); @@ -256,8 +251,9 @@ void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { if (entry->GetSSL().security_style != SECURITY_STYLE_UNKNOWN) return; - entry->GetSSL().security_style = - GetSecurityStyleForResource(entry->GetURL(), entry->GetSSL()); + entry->GetSSL().security_style = entry->GetURL().SchemeIsCryptographic() + ? SECURITY_STYLE_AUTHENTICATED + : SECURITY_STYLE_UNAUTHENTICATED; } void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |