Implement WorkerFetchContext::ShouldBlockFetchByMixedContentCheck() for off-main-thread-fetch.
When off-main-thread-featch is enabled, currently all mixed content requests are
blocked by WorkerFetchContext::ShouldBlockFetchByMixedContentCheck(). But Chrome
doesn't show the error message of "This page is trying to load scripts from
unauthenticated sources" in the omnibox.
Chrome should show the message. After the user clicks "load unsafe scripts",
Chrome should load the mixed content and shows the red "Not secure" indicator
in the omnibox.
And also there is a problem that the mixed content blocking logic in the workers
doesn't reflect the settings such as AllowRunningOfInsecureContent and
StrictlyBlockBlockableMixedContent.
This CL fix these problems by implementing ShouldBlockFetchByMixedContentCheck()
of WorkerFetchContext in the same way as FrameFetchContext. And the IPC messages
such as ChromeViewHostMsg_ContentBlocked and FrameHostMsg_DidRunInsecureContent
will be sent from the worker thread to show the messages in the omnibox.
These behaviors are tested by SSLUIWorkerFetchTest and the layout tests of
insecure-fetch-on-dedicated-worker-{allowed/blocked}.https.html
Bug: 443374
Change-Id: I8843b3a8ca4c6048ee73633dc15ea43ace2cab0a
Reviewed-on: https://chromium-review.googlesource.com/566748
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490221}diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index 2a304e47..48200bb 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -2871,13 +2871,6 @@
// This test checks the behavior of mixed content blocking for the requests
// from a dedicated worker by changing the settings in WebPreferences.
IN_PROC_BROWSER_TEST_P(SSLUIWorkerFetchTest, MixedContentSettings) {
- if (GetParam().first == OffMainThreadFetchMode::kEnabled &&
- GetParam().second == SSLUIWorkerFetchTestType::kUseFetch) {
- // TODO(horo): Remove this return when we implement
- // WorkerFetchContext::ShouldBlockFetchByMixedContentCheck() correctly for
- // off-main-thread-fetch cases.
- return;
- }
ChromeContentBrowserClientForMixedContentTest browser_client;
content::ContentBrowserClient* old_browser_client =
content::SetBrowserClientForTesting(&browser_client);
@@ -2983,13 +2976,6 @@
// allow_running_insecure_content setting is false or
// strict_mixed_content_checking setting is true.
IN_PROC_BROWSER_TEST_P(SSLUIWorkerFetchTest, MixedContentSubFrame) {
- if (GetParam().first == OffMainThreadFetchMode::kEnabled &&
- GetParam().second == SSLUIWorkerFetchTestType::kUseFetch) {
- // TODO(horo): Remove this return when we implement
- // WorkerFetchContext::ShouldBlockFetchByMixedContentCheck() correctly for
- // off-main-thread-fetch cases.
- return;
- }
ChromeContentBrowserClientForMixedContentTest browser_client;
content::ContentBrowserClient* old_browser_client =
content::SetBrowserClientForTesting(&browser_client);
diff --git a/chrome/renderer/content_settings_observer.h b/chrome/renderer/content_settings_observer.h
index decff1b..350e089 100644
--- a/chrome/renderer/content_settings_observer.h
+++ b/chrome/renderer/content_settings_observer.h
@@ -95,6 +95,10 @@
base::TimeDelta duration,
const blink::WebURL& url) override;
+ bool allow_running_insecure_content() const {
+ return allow_running_insecure_content_;
+ }
+
private:
FRIEND_TEST_ALL_PREFIXES(ContentSettingsObserverTest, WhitelistedSchemes);
FRIEND_TEST_ALL_PREFIXES(ChromeRenderViewTest,
diff --git a/chrome/renderer/worker_content_settings_client.cc b/chrome/renderer/worker_content_settings_client.cc
index 56d9d14..7c94ea2 100644
--- a/chrome/renderer/worker_content_settings_client.cc
+++ b/chrome/renderer/worker_content_settings_client.cc
@@ -5,6 +5,7 @@
#include "chrome/renderer/worker_content_settings_client.h"
#include "chrome/common/render_messages.h"
+#include "chrome/renderer/content_settings_observer.h"
#include "content/public/renderer/render_frame.h"
#include "content/public/renderer/render_thread.h"
#include "ipc/ipc_sync_message_filter.h"
@@ -26,6 +27,8 @@
url::Origin(frame->GetDocument().GetSecurityOrigin()).GetURL();
top_frame_origin_url_ =
url::Origin(frame->Top()->GetSecurityOrigin()).GetURL();
+ allow_running_insecure_content_ = ContentSettingsObserver::Get(render_frame)
+ ->allow_running_insecure_content();
}
WorkerContentSettingsClient::~WorkerContentSettingsClient() {}
@@ -52,3 +55,16 @@
&result));
return result;
}
+
+bool WorkerContentSettingsClient::AllowRunningInsecureContent(
+ bool allowed_per_settings,
+ const blink::WebSecurityOrigin& context,
+ const blink::WebURL& url) {
+ if (!allow_running_insecure_content_ && !allowed_per_settings) {
+ sync_message_filter_->Send(new ChromeViewHostMsg_ContentBlocked(
+ routing_id_, CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, base::string16()));
+ return false;
+ }
+
+ return true;
+}
diff --git a/chrome/renderer/worker_content_settings_client.h b/chrome/renderer/worker_content_settings_client.h
index 6f74ab0..7256341 100644
--- a/chrome/renderer/worker_content_settings_client.h
+++ b/chrome/renderer/worker_content_settings_client.h
@@ -33,6 +33,9 @@
bool RequestFileSystemAccessSync() override;
bool AllowIndexedDB(const blink::WebString& name,
const blink::WebSecurityOrigin&) override;
+ bool AllowRunningInsecureContent(bool allowed_per_settings,
+ const blink::WebSecurityOrigin& context,
+ const blink::WebURL& url) override;
private:
// Loading document context for this worker.
@@ -40,6 +43,7 @@
bool is_unique_origin_;
GURL document_origin_url_;
GURL top_frame_origin_url_;
+ bool allow_running_insecure_content_;
scoped_refptr<IPC::SyncMessageFilter> sync_message_filter_;
DISALLOW_COPY_AND_ASSIGN(WorkerContentSettingsClient);
diff --git a/content/renderer/service_worker/worker_fetch_context_impl.cc b/content/renderer/service_worker/worker_fetch_context_impl.cc
index c608bf7..70f7d5f 100644
--- a/content/renderer/service_worker/worker_fetch_context_impl.cc
+++ b/content/renderer/service_worker/worker_fetch_context_impl.cc
@@ -75,6 +75,14 @@
return is_data_saver_enabled_;
}
+void WorkerFetchContextImpl::SetIsOnSubframe(bool is_on_sub_frame) {
+ is_on_sub_frame_ = is_on_sub_frame;
+}
+
+bool WorkerFetchContextImpl::IsOnSubframe() const {
+ return is_on_sub_frame_;
+}
+
blink::WebURL WorkerFetchContextImpl::FirstPartyForCookies() const {
return first_party_for_cookies_;
}
@@ -91,6 +99,13 @@
url));
}
+void WorkerFetchContextImpl::DidRunInsecureContent(
+ const blink::WebSecurityOrigin& origin,
+ const blink::WebURL& url) {
+ Send(new FrameHostMsg_DidRunInsecureContent(
+ parent_frame_id_, GURL(origin.ToString().Utf8()), url));
+}
+
void WorkerFetchContextImpl::SetSubresourceFilterBuilder(
std::unique_ptr<blink::WebDocumentSubresourceFilter::Builder>
subresource_filter_builder) {
diff --git a/content/renderer/service_worker/worker_fetch_context_impl.h b/content/renderer/service_worker/worker_fetch_context_impl.h
index 200f2fe..4da155f 100644
--- a/content/renderer/service_worker/worker_fetch_context_impl.h
+++ b/content/renderer/service_worker/worker_fetch_context_impl.h
@@ -48,10 +48,14 @@
bool IsControlledByServiceWorker() const override;
void SetDataSaverEnabled(bool) override;
bool IsDataSaverEnabled() const override;
+ void SetIsOnSubframe(bool) override;
+ bool IsOnSubframe() const override;
blink::WebURL FirstPartyForCookies() const override;
void DidRunContentWithCertificateErrors(const blink::WebURL& url) override;
void DidDisplayContentWithCertificateErrors(
const blink::WebURL& url) override;
+ void DidRunInsecureContent(const blink::WebSecurityOrigin&,
+ const blink::WebURL& insecure_url) override;
void SetApplicationCacheHostID(int id) override;
int ApplicationCacheHostID() const override;
void SetSubresourceFilterBuilder(
@@ -95,6 +99,7 @@
std::unique_ptr<blink::WebDocumentSubresourceFilter::Builder>
subresource_filter_builder_;
bool is_data_saver_enabled_ = false;
+ bool is_on_sub_frame_ = false;
int parent_frame_id_ = MSG_ROUTING_NONE;
GURL first_party_for_cookies_;
bool is_secure_context_ = false;
diff --git a/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-allowed.https-expected.txt b/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-allowed.https-expected.txt
index 8a8f600b39..c5b7066a 100644
--- a/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-allowed.https-expected.txt
+++ b/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-allowed.https-expected.txt
@@ -1,4 +1,5 @@
+CONSOLE WARNING: line 1: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/insecure-fetch-in-dedicated-worker.js' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*'. This content should also be served over HTTPS.
This is a testharness.js-based test.
-FAIL Insecure resource loads inside Worker when 'AllowRunningInsecureContent' is set. assert_equals: expected "LOADED" but got "LOAD FAILED"
+PASS Insecure resource loads inside Worker when 'AllowRunningInsecureContent' is set.
Harness: the test ran to completion.
diff --git a/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-blocked.https-expected.txt b/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-blocked.https-expected.txt
index fa8ae50..dcd9fdc 100644
--- a/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-blocked.https-expected.txt
+++ b/third_party/WebKit/LayoutTests/virtual/off-main-thread-fetch/http/tests/security/mixedContent/insecure-fetch-on-dedicated-worker-blocked.https-expected.txt
@@ -1,3 +1,4 @@
+CONSOLE ERROR: line 1: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/insecure-fetch-in-dedicated-worker.js' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8000/xmlhttprequest/resources/access-control-allow-lists.php?origin=*'. This request has been blocked; the content must be served over HTTPS.
This is a testharness.js-based test.
PASS Insecure resource loads inside Worker failes when 'AllowRunningInsecureContent' is not set.
Harness: the test ran to completion.
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
index 5764ef7..9c81160 100644
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
@@ -37,6 +37,10 @@
#include "core/frame/UseCounter.h"
#include "core/inspector/ConsoleMessage.h"
#include "core/loader/DocumentLoader.h"
+#include "core/workers/WorkerContentSettingsClient.h"
+#include "core/workers/WorkerGlobalScope.h"
+#include "core/workers/WorkerOrWorkletGlobalScope.h"
+#include "core/workers/WorkerSettings.h"
#include "platform/RuntimeEnabledFeatures.h"
#include "platform/network/NetworkUtils.h"
#include "platform/weborigin/SchemeRegistry.h"
@@ -45,6 +49,8 @@
#include "public/platform/WebAddressSpace.h"
#include "public/platform/WebInsecureRequestPolicy.h"
#include "public/platform/WebMixedContent.h"
+#include "public/platform/WebSecurityOrigin.h"
+#include "public/platform/WebWorkerFetchContext.h"
namespace blink {
@@ -218,7 +224,7 @@
// static
void MixedContentChecker::LogToConsoleAboutFetch(
- LocalFrame* frame,
+ ExecutionContext* execution_context,
const KURL& main_resource_url,
const KURL& url,
WebURLRequest::RequestContext request_context,
@@ -235,11 +241,11 @@
MessageLevel message_level =
allowed ? kWarningMessageLevel : kErrorMessageLevel;
if (source_location) {
- frame->GetDocument()->AddConsoleMessage(
+ execution_context->AddConsoleMessage(
ConsoleMessage::Create(kSecurityMessageSource, message_level, message,
std::move(source_location)));
} else {
- frame->GetDocument()->AddConsoleMessage(
+ execution_context->AddConsoleMessage(
ConsoleMessage::Create(kSecurityMessageSource, message_level, message));
}
}
@@ -409,13 +415,74 @@
};
if (reporting_policy == SecurityViolationReportingPolicy::kReport) {
- LogToConsoleAboutFetch(frame, MainResourceUrlForFrame(mixed_frame), url,
+ LogToConsoleAboutFetch(frame->GetDocument(),
+ MainResourceUrlForFrame(mixed_frame), url,
request_context, allowed, nullptr);
}
return !allowed;
}
// static
+bool MixedContentChecker::ShouldBlockFetchOnWorker(
+ WorkerOrWorkletGlobalScope* global_scope,
+ WebWorkerFetchContext* worker_fetch_context,
+ const ResourceRequest& request,
+ const KURL& url,
+ SecurityViolationReportingPolicy reporting_policy) {
+ if (!MixedContentChecker::IsMixedContent(global_scope->GetSecurityOrigin(),
+ url)) {
+ return false;
+ }
+
+ UseCounter::Count(global_scope, WebFeature::kMixedContentPresent);
+ UseCounter::Count(global_scope, WebFeature::kMixedContentBlockable);
+ if (ContentSecurityPolicy* policy = global_scope->GetContentSecurityPolicy())
+ policy->ReportMixedContent(url, request.GetRedirectStatus());
+
+ // Blocks all mixed content request from worklets.
+ // TODO(horo): Revise this when the spec is updated.
+ // Worklets spec: https://www.w3.org/TR/worklets-1/#security-considerations
+ // Spec issue: https://github.com/w3c/css-houdini-drafts/issues/92
+ if (!global_scope->IsWorkerGlobalScope())
+ return true;
+
+ WorkerGlobalScope* worker_global_scope = ToWorkerGlobalScope(global_scope);
+ WorkerSettings* settings = worker_global_scope->GetWorkerSettings();
+ DCHECK(settings);
+ bool allowed = false;
+ if (!settings->GetAllowRunningOfInsecureContent() &&
+ worker_fetch_context->IsOnSubframe()) {
+ UseCounter::Count(global_scope,
+ WebFeature::kBlockableMixedContentInSubframeBlocked);
+ allowed = false;
+ } else {
+ bool strict_mode = worker_global_scope->GetInsecureRequestPolicy() &
+ kBlockAllMixedContent ||
+ settings->GetStrictMixedContentChecking();
+ bool should_ask_embedder =
+ !strict_mode && (!settings->GetStrictlyBlockBlockableMixedContent() ||
+ settings->GetAllowRunningOfInsecureContent());
+ allowed = should_ask_embedder &&
+ WorkerContentSettingsClient::From(*global_scope)
+ ->AllowRunningInsecureContent(
+ settings->GetAllowRunningOfInsecureContent(),
+ global_scope->GetSecurityOrigin(), url);
+ if (allowed) {
+ worker_fetch_context->DidRunInsecureContent(
+ WebSecurityOrigin(global_scope->GetSecurityOrigin()), url);
+ UseCounter::Count(global_scope,
+ WebFeature::kMixedContentBlockableAllowed);
+ }
+ }
+
+ if (reporting_policy == SecurityViolationReportingPolicy::kReport) {
+ LogToConsoleAboutFetch(global_scope, global_scope->Url(), url,
+ request.GetRequestContext(), allowed, nullptr);
+ }
+ return !allowed;
+}
+
+// static
void MixedContentChecker::LogToConsoleAboutWebSocket(
LocalFrame* frame,
const KURL& main_resource_url,
@@ -599,8 +666,8 @@
bool had_redirect,
std::unique_ptr<SourceLocation> source_location) {
// Logs to the frame console.
- LogToConsoleAboutFetch(frame, main_resource_url, mixed_content_url,
- request_context, was_allowed,
+ LogToConsoleAboutFetch(frame->GetDocument(), main_resource_url,
+ mixed_content_url, request_context, was_allowed,
std::move(source_location));
// Reports to the CSP policy.
ContentSecurityPolicy* policy =
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.h b/third_party/WebKit/Source/core/loader/MixedContentChecker.h
index d24823d..0720856e 100644
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.h
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.h
@@ -42,12 +42,15 @@
namespace blink {
+class ExecutionContext;
class Frame;
class LocalFrame;
class KURL;
class ResourceResponse;
class SecurityOrigin;
class SourceLocation;
+class WorkerOrWorkletGlobalScope;
+class WebWorkerFetchContext;
// Checks resource loads for mixed content. If PlzNavigate is enabled then this
// class only checks for sub-resource loads while frame-level loads are
@@ -69,16 +72,23 @@
const KURL&,
SecurityViolationReportingPolicy =
SecurityViolationReportingPolicy::kReport);
- static bool ShouldBlockFetch(LocalFrame* frame,
- const ResourceRequest& request,
- const KURL& url,
- SecurityViolationReportingPolicy status =
- SecurityViolationReportingPolicy::kReport) {
+ static bool ShouldBlockFetch(
+ LocalFrame* frame,
+ const ResourceRequest& request,
+ const KURL& url,
+ SecurityViolationReportingPolicy reporting_policy =
+ SecurityViolationReportingPolicy::kReport) {
return ShouldBlockFetch(frame, request.GetRequestContext(),
request.GetFrameType(), request.GetRedirectStatus(),
- url, status);
+ url, reporting_policy);
}
+ static bool ShouldBlockFetchOnWorker(WorkerOrWorkletGlobalScope*,
+ WebWorkerFetchContext*,
+ const ResourceRequest&,
+ const KURL&,
+ SecurityViolationReportingPolicy);
+
static bool ShouldBlockWebSocket(
LocalFrame*,
const KURL&,
@@ -125,7 +135,7 @@
const KURL&,
const LocalFrame*);
- static void LogToConsoleAboutFetch(LocalFrame*,
+ static void LogToConsoleAboutFetch(ExecutionContext*,
const KURL&,
const KURL&,
WebURLRequest::RequestContext,
diff --git a/third_party/WebKit/Source/core/loader/WorkerFetchContext.cpp b/third_party/WebKit/Source/core/loader/WorkerFetchContext.cpp
index 3d4a516..015e0cf9 100644
--- a/third_party/WebKit/Source/core/loader/WorkerFetchContext.cpp
+++ b/third_party/WebKit/Source/core/loader/WorkerFetchContext.cpp
@@ -153,10 +153,9 @@
const ResourceRequest& resource_request,
const KURL& url,
SecurityViolationReportingPolicy reporting_policy) const {
- // TODO(horo): We need more detailed check which is implemented in
- // MixedContentChecker::ShouldBlockFetch().
- return MixedContentChecker::IsMixedContent(global_scope_->GetSecurityOrigin(),
- url);
+ return MixedContentChecker::ShouldBlockFetchOnWorker(
+ global_scope_, web_context_.get(), resource_request, url,
+ reporting_policy);
}
bool WorkerFetchContext::ShouldBlockFetchAsCredentialedSubresource(
diff --git a/third_party/WebKit/Source/core/workers/ThreadedMessagingProxyBase.cpp b/third_party/WebKit/Source/core/workers/ThreadedMessagingProxyBase.cpp
index ac1bc8d..f2d176d 100644
--- a/third_party/WebKit/Source/core/workers/ThreadedMessagingProxyBase.cpp
+++ b/third_party/WebKit/Source/core/workers/ThreadedMessagingProxyBase.cpp
@@ -52,6 +52,8 @@
document->Fetcher()->Context().ApplicationCacheHostID());
web_worker_fetch_context->SetDataSaverEnabled(
document->GetFrame()->GetSettings()->GetDataSaverEnabled());
+ web_worker_fetch_context->SetIsOnSubframe(
+ document->GetFrame() != document->GetFrame()->Tree().Top());
ProvideWorkerFetchContextToWorker(worker_clients,
std::move(web_worker_fetch_context));
}
diff --git a/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.cpp b/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.cpp
index 8dfb7549..1871891 100644
--- a/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.cpp
+++ b/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.cpp
@@ -32,6 +32,8 @@
#include <memory>
#include "core/workers/WorkerGlobalScope.h"
+#include "platform/weborigin/SecurityOrigin.h"
+#include "public/platform/WebSecurityOrigin.h"
#include "public/platform/WebString.h"
namespace blink {
@@ -55,6 +57,17 @@
return client_->AllowIndexedDB(name, WebSecurityOrigin());
}
+bool WorkerContentSettingsClient::AllowRunningInsecureContent(
+ bool enabled_per_settings,
+ SecurityOrigin* origin,
+ const KURL& url) {
+ if (client_) {
+ return client_->AllowRunningInsecureContent(enabled_per_settings,
+ WebSecurityOrigin(origin), url);
+ }
+ return enabled_per_settings;
+}
+
const char* WorkerContentSettingsClient::SupplementName() {
return "WorkerContentSettingsClient";
}
diff --git a/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.h b/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.h
index 1eca701..7f12f3b 100644
--- a/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.h
+++ b/third_party/WebKit/Source/core/workers/WorkerContentSettingsClient.h
@@ -40,6 +40,8 @@
namespace blink {
class ExecutionContext;
+class KURL;
+class SecurityOrigin;
class WebString;
class CORE_EXPORT WorkerContentSettingsClient final
@@ -54,6 +56,9 @@
bool RequestFileSystemAccessSync();
bool AllowIndexedDB(const WebString& name);
+ bool AllowRunningInsecureContent(bool enabled_per_settings,
+ SecurityOrigin*,
+ const KURL&);
static const char* SupplementName();
static WorkerContentSettingsClient* From(ExecutionContext&);
diff --git a/third_party/WebKit/Source/core/workers/WorkerSettings.cpp b/third_party/WebKit/Source/core/workers/WorkerSettings.cpp
index 8852356..c1ffb5a2 100644
--- a/third_party/WebKit/Source/core/workers/WorkerSettings.cpp
+++ b/third_party/WebKit/Source/core/workers/WorkerSettings.cpp
@@ -9,16 +9,15 @@
WorkerSettings::WorkerSettings(Settings* settings) {
if (settings)
this->CopyFlagValuesFromSettings(settings);
- else
- this->SetDefaultValues();
}
void WorkerSettings::CopyFlagValuesFromSettings(Settings* settings) {
disable_reading_from_canvas_ = settings->GetDisableReadingFromCanvas();
-}
-
-void WorkerSettings::SetDefaultValues() {
- disable_reading_from_canvas_ = false;
+ strict_mixed_content_checking_ = settings->GetStrictMixedContentChecking();
+ allow_running_of_insecure_content_ =
+ settings->GetAllowRunningOfInsecureContent();
+ strictly_block_blockable_mixed_content_ =
+ settings->GetStrictlyBlockBlockableMixedContent();
}
} // namespace blink
diff --git a/third_party/WebKit/Source/core/workers/WorkerSettings.h b/third_party/WebKit/Source/core/workers/WorkerSettings.h
index d22d856e..1a169ca 100644
--- a/third_party/WebKit/Source/core/workers/WorkerSettings.h
+++ b/third_party/WebKit/Source/core/workers/WorkerSettings.h
@@ -15,16 +15,27 @@
explicit WorkerSettings(Settings*);
bool DisableReadingFromCanvas() const { return disable_reading_from_canvas_; }
+ bool GetStrictMixedContentChecking() const {
+ return strict_mixed_content_checking_;
+ }
+ bool GetAllowRunningOfInsecureContent() const {
+ return allow_running_of_insecure_content_;
+ }
+ bool GetStrictlyBlockBlockableMixedContent() const {
+ return strictly_block_blockable_mixed_content_;
+ }
private:
void CopyFlagValuesFromSettings(Settings*);
- void SetDefaultValues();
// The settings that are to be copied from main thread to worker thread
// These setting's flag values must remain unchanged throughout the document
// lifecycle.
// We hard-code the flags as there're very few flags at this moment.
- bool disable_reading_from_canvas_;
+ bool disable_reading_from_canvas_ = false;
+ bool strict_mixed_content_checking_ = false;
+ bool allow_running_of_insecure_content_ = false;
+ bool strictly_block_blockable_mixed_content_ = false;
};
} // namespace blink
diff --git a/third_party/WebKit/public/platform/WebWorkerFetchContext.h b/third_party/WebKit/public/platform/WebWorkerFetchContext.h
index ee5cb9f..5c5e811 100644
--- a/third_party/WebKit/public/platform/WebWorkerFetchContext.h
+++ b/third_party/WebKit/public/platform/WebWorkerFetchContext.h
@@ -50,6 +50,10 @@
virtual void SetDataSaverEnabled(bool) = 0;
virtual bool IsDataSaverEnabled() const = 0;
+ // This flag is used to block all mixed content in subframes.
+ virtual void SetIsOnSubframe(bool) {}
+ virtual bool IsOnSubframe() const { return false; }
+
// The URL that should be consulted for the third-party cookie blocking
// policy, as defined in Section 2.1.1 and 2.1.2 of
// https://tools.ietf.org/html/draft-west-first-party-cookies.
@@ -60,6 +64,11 @@
virtual void DidRunContentWithCertificateErrors(const WebURL& url) {}
virtual void DidDisplayContentWithCertificateErrors(const WebURL& url) {}
+ // Reports that the security origin has run active content from an insecure
+ // source.
+ virtual void DidRunInsecureContent(const WebSecurityOrigin&,
+ const WebURL& insecure_url) {}
+
virtual void SetApplicationCacheHostID(int id) {}
virtual int ApplicationCacheHostID() const {
return WebApplicationCacheHost::kAppCacheNoHostId;
