1/* 2 * Copyright (C) 2012 Google Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are 6 * met: 7 * 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above 11 * copyright notice, this list of conditions and the following disclaimer 12 * in the documentation and/or other materials provided with the 13 * distribution. 14 * * Neither the name of Google Inc. nor the names of its 15 * contributors may be used to endorse or promote products derived from 16 * this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31#ifndef MixedContentChecker_h 32#define MixedContentChecker_h 33 34#include "platform/heap/Handle.h" 35#include "public/platform/WebURLRequest.h" 36#include "wtf/text/WTFString.h" 37 38namespace blink { 39 40class FrameLoaderClient; 41class LocalFrame; 42class KURL; 43class SecurityOrigin; 44 45class MixedContentChecker FINAL { 46 WTF_MAKE_NONCOPYABLE(MixedContentChecker); 47 DISALLOW_ALLOCATION(); 48public: 49 explicit MixedContentChecker(LocalFrame*); 50 51 static bool shouldBlockFetch(LocalFrame*, const ResourceRequest&, const KURL&); 52 53 bool canDisplayInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const 54 { 55 return canDisplayInsecureContentInternal(securityOrigin, url, MixedContentChecker::Display); 56 } 57 58 bool canRunInsecureContent(SecurityOrigin* securityOrigin, const KURL& url) const 59 { 60 return canRunInsecureContentInternal(securityOrigin, url, MixedContentChecker::Execution); 61 } 62 63 bool canSubmitToInsecureForm(SecurityOrigin*, const KURL&) const; 64 bool canConnectInsecureWebSocket(SecurityOrigin*, const KURL&) const; 65 bool canFrameInsecureContent(SecurityOrigin*, const KURL&) const; 66 static bool isMixedContent(SecurityOrigin*, const KURL&); 67 68 static void checkMixedPrivatePublic(LocalFrame*, const AtomicString& resourceIPAddress); 69 70 void trace(Visitor*); 71 72private: 73 enum MixedContentType { 74 Display, 75 Execution, 76 WebSocket, 77 Submission 78 }; 79 80 enum ContextType { 81 ContextTypeBlockable, 82 ContextTypeOptionallyBlockable, 83 ContextTypeShouldBeBlockable, 84 ContextTypeBlockableUnlessLax 85 }; 86 87 static ContextType contextTypeFromContext(WebURLRequest::RequestContext); 88 static const char* typeNameFromContext(WebURLRequest::RequestContext); 89 static void logToConsole(LocalFrame*, const KURL&, WebURLRequest::RequestContext, bool allowed); 90 91 // FIXME: This should probably have a separate client from FrameLoader. 92 FrameLoaderClient* client() const; 93 94 bool canDisplayInsecureContentInternal(SecurityOrigin*, const KURL&, const MixedContentType) const; 95 96 bool canRunInsecureContentInternal(SecurityOrigin*, const KURL&, const MixedContentType) const; 97 98 void logWarning(bool allowed, const KURL& i, const MixedContentType) const; 99 100 RawPtrWillBeMember<LocalFrame> m_frame; 101}; 102 103} // namespace blink 104 105#endif // MixedContentChecker_h 106