diff options
| author | lgarron <lgarron@chromium.org> | 2015-05-11 19:03:15 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-05-12 02:03:55 +0000 |
| commit | 92725553228681b9b7a8fd9a9e9f324d32c12018 (patch) | |
| tree | 264c4feedbd92773e3a68599425c836ea50b6cc3 /ios | |
| parent | 6a9b5b10ff3515adb47718fc23ebe039a9e3b9ff (diff) | |
| download | chromium_src-92725553228681b9b7a8fd9a9e9f324d32c12018.zip chromium_src-92725553228681b9b7a8fd9a9e9f324d32c12018.tar.gz chromium_src-92725553228681b9b7a8fd9a9e9f324d32c12018.tar.bz2 | |
Switch remaining functions from SchemeIsSecure() to
SchemeIsCryptographic().
We recently introduced SchemeIsCryptographic() and IsOriginSecure(),
which are meant to replace SchemeIsSecure().
IsOriginSecure() roughly means "do we trust this content not to be
tampered with before it reaches the user?" [1] This is a higher-level
definition that corresponds to the new "privileged contexts" spec. [2]
SchemeIsCryptographic() [3] is close to the old definition of
SchemeIsSecure(), and literally just checks if the scheme is a
cryptographic scheme (HTTPS or WSS as of right now). The difference is
that SchemeIsCryptographic() will not consider filesystem URLs secure.
IsOriginSecure() should be correct for most Fizz code.
[1] https://code.google.com/p/chromium/codesearch#chromium/src/content/public/common/origin_util.h&sq=package:chromium&type=cs&l=19&rcl=143099866
[2] https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features and https://w3c.github.io/webappsec/specs/powerfulfeatures/
[3] https://code.google.com/p/chromium/codesearch#chromium/src/url/gurl.h&sq=package:chromium&type=cs&l=250&rcl=1430998666
BUG=362214
Review URL: https://codereview.chromium.org/1136643004
Cr-Commit-Position: refs/heads/master@{#329310}
Diffstat (limited to 'ios')
| -rw-r--r-- | ios/web/net/request_tracker_impl.mm | 19 | ||||
| -rw-r--r-- | ios/web/net/request_tracker_impl_unittest.mm | 2 |
2 files changed, 10 insertions, 11 deletions
diff --git a/ios/web/net/request_tracker_impl.mm b/ios/web/net/request_tracker_impl.mm index f274771..0732538 100644 --- a/ios/web/net/request_tracker_impl.mm +++ b/ios/web/net/request_tracker_impl.mm @@ -288,7 +288,7 @@ struct TrackerCounts { status_.content_status = web::SSLStatus::NORMAL_CONTENT; } - if (!url_.SchemeIsSecure()) { + if (!url_.SchemeIsCryptographic()) { // Should not happen as the sslInfo is valid. NOTREACHED(); status_.security_style = web::SECURITY_STYLE_UNAUTHENTICATED; @@ -495,7 +495,7 @@ void RequestTrackerImpl::StartRequest(net::URLRequest* request) { GURLByRemovingRefFromGURL(url), request); counts_.push_back(counts); counts_by_request_[request] = counts; - if (page_url_.SchemeIsSecure() && !url.SchemeIsSecure()) + if (page_url_.SchemeIsCryptographic() && !url.SchemeIsCryptographic()) has_mixed_content_ = true; Notify(); } @@ -811,7 +811,7 @@ void RequestTrackerImpl::SSLNotify() { if (!counts_.size()) return; // Nothing yet to notify. - if (!page_url_.SchemeIsSecure()) + if (!page_url_.SchemeIsCryptographic()) return; const GURL page_origin = page_url_.GetOrigin(); @@ -1103,12 +1103,12 @@ void RequestTrackerImpl::RecomputeMixedContent( const TrackerCounts* split_position) { DCHECK_CURRENTLY_ON_WEB_THREAD(web::WebThread::IO); // Check if the mixed content before trimming was correct. - if (page_url_.SchemeIsSecure() && has_mixed_content_) { + if (page_url_.SchemeIsCryptographic() && has_mixed_content_) { bool old_url_has_mixed_content = false; const GURL origin = page_url_.GetOrigin(); ScopedVector<TrackerCounts>::iterator it = counts_.begin(); while (it != counts_.end() && *it != split_position) { - if (!(*it)->url.SchemeIsSecure() && + if (!(*it)->url.SchemeIsCryptographic() && origin == (*it)->first_party_for_cookies_origin) { old_url_has_mixed_content = true; break; @@ -1168,10 +1168,10 @@ void RequestTrackerImpl::TrimToURL(const GURL& full_url, id user_info) { // Locate the request with this url, if present. bool new_url_has_mixed_content = false; - bool url_scheme_is_secure = url.SchemeIsSecure(); + bool url_scheme_is_secure = url.SchemeIsCryptographic(); ScopedVector<TrackerCounts>::const_reverse_iterator rit = counts_.rbegin(); while (rit != counts_.rend() && (*rit)->url != url) { - if (url_scheme_is_secure && !(*rit)->url.SchemeIsSecure() && + if (url_scheme_is_secure && !(*rit)->url.SchemeIsCryptographic() && (*rit)->first_party_for_cookies_origin == url.GetOrigin()) { new_url_has_mixed_content = true; } @@ -1196,9 +1196,8 @@ void RequestTrackerImpl::TrimToURL(const GURL& full_url, id user_info) { if (url_scheme_is_secure && counts_.size()) { TrackerCounts* back = counts_.back(); const GURL& back_url = back->url; - if (back_url.SchemeIsSecure() && - back_url.GetOrigin() == url.GetOrigin() && - !back->is_subrequest) { + if (back_url.SchemeIsCryptographic() && + back_url.GetOrigin() == url.GetOrigin() && !back->is_subrequest) { split_position = back; } } diff --git a/ios/web/net/request_tracker_impl_unittest.mm b/ios/web/net/request_tracker_impl_unittest.mm index bb87192..893f9ab 100644 --- a/ios/web/net/request_tracker_impl_unittest.mm +++ b/ios/web/net/request_tracker_impl_unittest.mm @@ -258,7 +258,7 @@ class RequestTrackerTest : public PlatformTest { EXPECT_TRUE(requests_[i]->ssl_info().is_valid()); } } - EXPECT_TRUE(!secure == !requests_[i]->url().SchemeIsSecure()); + EXPECT_TRUE(!secure == !requests_[i]->url().SchemeIsCryptographic()); return requests_[i]; } |