content/public/browser/security_style_explanations.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATIONS_H_
#define CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATIONS_H_

#include <vector>

#include "content/common/content_export.h"
#include "content/public/browser/security_style_explanation.h"
#include "content/public/common/security_style.h"

namespace content {

// SecurityStyleExplanations contains information about why a particular
// SecurityStyle was chosen for a page. This information includes the
// mixed content status of the page and whether the page was loaded over
// a cryptographically secure transport. Additionally,
// SecurityStyleExplanations contains human-readable
// SecurityStyleExplanation objects that the embedder can use to
// describe embedder-specific security policies. Each
// SecurityStyleExplanation is a single security property of a page (for
// example, an expired certificate, a valid certificate, or the presence
// of a deprecated crypto algorithm). A single site may have multiple
// different explanations of "secure", "warning", and "broken" severity
// levels.
struct SecurityStyleExplanations {
  CONTENT_EXPORT SecurityStyleExplanations();
  CONTENT_EXPORT ~SecurityStyleExplanations();

  // True if the page ran insecure content such as scripts.
  bool ran_insecure_content;
  // True if the page displayed insecure content such as images.
  bool displayed_insecure_content;

  // The SecurityStyle assigned to a page that runs or displays insecure
  // content, respectively. These values are used to convey the effect
  // that mixed content has on the overall SecurityStyle of the page;
  // for example, a |displayed_insecure_content_style| value of
  // SECURITY_STYLE_UNAUTHENTICATED indicates that the page's overall
  // SecurityStyle will be downgraded to UNAUTHENTICATED as a result of
  // displaying insecure content.
  SecurityStyle ran_insecure_content_style;
  SecurityStyle displayed_insecure_content_style;

  bool scheme_is_cryptographic;

  std::vector<SecurityStyleExplanation> secure_explanations;
  std::vector<SecurityStyleExplanation> unauthenticated_explanations;
  std::vector<SecurityStyleExplanation> broken_explanations;
};

}  // namespace content

#endif  // CONTENT_PUBLIC_BROWSER_SECURITY_STYLE_EXPLANATION_H_