summaryrefslogtreecommitdiffstats
path: root/webkit/plugins/npapi
diff options
context:
space:
mode:
authorcevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-06-22 07:13:50 +0000
committercevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-06-22 07:13:50 +0000
commit322bde0ebb545e011558ca92dc4ececa782fe25f (patch)
tree480642f3083a80177578c38a13f7544e17603cab /webkit/plugins/npapi
parente8659ea84b636efd09f58080084acd4655113505 (diff)
downloadchromium_src-322bde0ebb545e011558ca92dc4ececa782fe25f.zip
chromium_src-322bde0ebb545e011558ca92dc4ececa782fe25f.tar.gz
chromium_src-322bde0ebb545e011558ca92dc4ececa782fe25f.tar.bz2
Supervise redirects of the plugin src url load, and bounce them through WebKit's
mixed content detection. BUG=53949 Review URL: http://codereview.chromium.org/7207003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89998 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/plugins/npapi')
-rw-r--r--webkit/plugins/npapi/webplugin_impl.cc28
-rw-r--r--webkit/plugins/npapi/webplugin_impl.h6
2 files changed, 26 insertions, 8 deletions
diff --git a/webkit/plugins/npapi/webplugin_impl.cc b/webkit/plugins/npapi/webplugin_impl.cc
index 22a5d9c..91eada0 100644
--- a/webkit/plugins/npapi/webplugin_impl.cc
+++ b/webkit/plugins/npapi/webplugin_impl.cc
@@ -223,6 +223,7 @@ struct WebPluginImpl::ClientInfo {
bool pending_failure_notification;
linked_ptr<WebKit::WebURLLoader> loader;
bool notify_redirects;
+ bool check_mixed_scripting;
};
bool WebPluginImpl::initialize(WebPluginContainer* container) {
@@ -809,7 +810,7 @@ void WebPluginImpl::InvalidateRect(const gfx::Rect& rect) {
void WebPluginImpl::OnDownloadPluginSrcUrl() {
HandleURLRequestInternal(
plugin_url_.spec().c_str(), "GET", NULL, NULL, 0, 0, false, DOCUMENT_URL,
- false);
+ false, true);
}
WebPluginResourceClient* WebPluginImpl::GetClientFromLoader(
@@ -836,6 +837,17 @@ void WebPluginImpl::willSendRequest(WebURLLoader* loader,
const WebURLResponse& response) {
WebPluginImpl::ClientInfo* client_info = GetClientInfoFromLoader(loader);
if (client_info) {
+ // Currently this check is just to catch an https -> http redirect when
+ // loading the main plugin src URL. Longer term, we could investigate
+ // firing mixed diplay or scripting issues for subresource loads
+ // initiated by plug-ins.
+ if (client_info->check_mixed_scripting &&
+ webframe_ &&
+ !webframe_->checkIfRunInsecureContent(request.url())) {
+ loader->cancel();
+ client_info->client->DidFail();
+ return;
+ }
if (net::HttpResponseHeaders::IsRedirectResponseCode(
response.httpStatusCode())) {
// If the plugin does not participate in url redirect notifications then
@@ -1038,7 +1050,7 @@ void WebPluginImpl::HandleURLRequest(const char* url,
// plugin SRC url as the referrer if it is available.
HandleURLRequestInternal(
url, method, target, buf, len, notify_id, popups_allowed, PLUGIN_SRC,
- notify_redirects);
+ notify_redirects, false);
}
void WebPluginImpl::HandleURLRequestInternal(const char* url,
@@ -1049,7 +1061,8 @@ void WebPluginImpl::HandleURLRequestInternal(const char* url,
int notify_id,
bool popups_allowed,
Referrer referrer_flag,
- bool notify_redirects) {
+ bool notify_redirects,
+ bool check_mixed_scripting) {
// For this request, we either route the output to a frame
// because a target has been specified, or we handle the request
// here, i.e. by executing the script if it is a javascript url
@@ -1108,7 +1121,8 @@ void WebPluginImpl::HandleURLRequestInternal(const char* url,
return;
InitiateHTTPRequest(resource_id, resource_client, complete_url, method, buf,
- len, NULL, referrer_flag, notify_redirects);
+ len, NULL, referrer_flag, notify_redirects,
+ check_mixed_scripting);
}
unsigned long WebPluginImpl::GetNextResourceId() {
@@ -1128,7 +1142,8 @@ bool WebPluginImpl::InitiateHTTPRequest(unsigned long resource_id,
int buf_len,
const char* range_info,
Referrer referrer_flag,
- bool notify_redirects) {
+ bool notify_redirects,
+ bool check_mixed_scripting) {
if (!client) {
NOTREACHED();
return false;
@@ -1146,6 +1161,7 @@ bool WebPluginImpl::InitiateHTTPRequest(unsigned long resource_id,
info.request.setHTTPMethod(WebString::fromUTF8(method));
info.pending_failure_notification = false;
info.notify_redirects = notify_redirects;
+ info.check_mixed_scripting = check_mixed_scripting;
if (range_info) {
info.request.addHTTPHeaderField(WebString::fromUTF8("Range"),
@@ -1192,7 +1208,7 @@ void WebPluginImpl::InitiateHTTPRangeRequest(
delegate_->CreateSeekableResourceClient(resource_id, range_request_id);
InitiateHTTPRequest(
resource_id, resource_client, complete_url, "GET", NULL, 0, range_info,
- load_manually_ ? NO_REFERRER : PLUGIN_SRC, false);
+ load_manually_ ? NO_REFERRER : PLUGIN_SRC, false, false);
}
void WebPluginImpl::SetDeferResourceLoading(unsigned long resource_id,
diff --git a/webkit/plugins/npapi/webplugin_impl.h b/webkit/plugins/npapi/webplugin_impl.h
index 2baaf74..d08332c 100644
--- a/webkit/plugins/npapi/webplugin_impl.h
+++ b/webkit/plugins/npapi/webplugin_impl.h
@@ -172,7 +172,8 @@ class WebPluginImpl : public WebPlugin,
int len,
const char* range_info,
Referrer referrer_flag,
- bool notify_redirects);
+ bool notify_redirects,
+ bool check_mixed_scripting);
gfx::Rect GetWindowClipRect(const gfx::Rect& rect);
@@ -243,7 +244,8 @@ class WebPluginImpl : public WebPlugin,
int notify_id,
bool popups_allowed,
Referrer referrer_flag,
- bool notify_redirects);
+ bool notify_redirects,
+ bool check_mixed_scripting);
// Tears down the existing plugin instance and creates a new plugin instance
// to handle the response identified by the loader parameter.