Implement WorkerFetchContext::ShouldBlockFetchByMixedContentCheck() for off-main-thread-fetch.
When off-main-thread-featch is enabled, currently all mixed content requests are
blocked by WorkerFetchContext::ShouldBlockFetchByMixedContentCheck(). But Chrome
doesn't show the error message of "This page is trying to load scripts from
unauthenticated sources" in the omnibox.
Chrome should show the message. After the user clicks "load unsafe scripts",
Chrome should load the mixed content and shows the red "Not secure" indicator
in the omnibox.
And also there is a problem that the mixed content blocking logic in the workers
doesn't reflect the settings such as AllowRunningOfInsecureContent and
StrictlyBlockBlockableMixedContent.
This CL fix these problems by implementing ShouldBlockFetchByMixedContentCheck()
of WorkerFetchContext in the same way as FrameFetchContext. And the IPC messages
such as ChromeViewHostMsg_ContentBlocked and FrameHostMsg_DidRunInsecureContent
will be sent from the worker thread to show the messages in the omnibox.
These behaviors are tested by SSLUIWorkerFetchTest and the layout tests of
insecure-fetch-on-dedicated-worker-{allowed/blocked}.https.html
Bug: 443374
Change-Id: I8843b3a8ca4c6048ee73633dc15ea43ace2cab0a
Reviewed-on: https://chromium-review.googlesource.com/566748
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490221}17 files changed
