Block mixed mode content
author oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Mar 2015 04:43:12 +0000 (04:43 +0000)
committer oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Mar 2015 04:43:12 +0000 (04:43 +0000)
commit a985b890e0ee579c01ca319fef8ba3bd92efbe6b
tree 77aa7943ee0ee81701a0b70f20cd52593e48babb
parent 9db72c32d1b3c9eba805c7a5b2926696cfe01f0f
Block mixed mode content
https://bugs.webkit.org/show_bug.cgi?id=142378

Reviewed by Darin Adler.

Source/WebCore:

Switched to blocking mixed mode content by default,
and modified the blocking rules to allow us to match
the behaviours of other browsers.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* loader/MixedContentChecker.cpp:
(WebCore::MixedContentChecker::canDisplayInsecureContent):
(WebCore::MixedContentChecker::canRunInsecureContent):
(WebCore::MixedContentChecker::logWarning):
* loader/MixedContentChecker.h:
* loader/cache/CachedResourceLoader.cpp:
(WebCore::contentTypeFromResourceType):
(WebCore::CachedResourceLoader::checkInsecureContent):
* page/Settings.in:

LayoutTests:

Update test results to reflect the new reality.

* http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt:
* http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt:
* http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt:
* http/tests/security/mixedContent/insecure-image-in-main-frame-expected.txt:
* http/tests/security/mixedContent/insecure-plugin-in-iframe-expected.txt:
* http/tests/security/mixedContent/insecure-script-in-iframe-expected.txt:
* http/tests/security/mixedContent/insecure-xhr-in-main-frame-expected.txt:
* http/tests/security/mixedContent/insecure-xhr-in-main-frame.html:
* http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt:
* http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html:
* http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt:
* http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt:
* http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html:
* http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt:
* http/tests/security/mixedContent/resources/frame-with-insecure-frame.html:
* http/tests/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html:
* http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-frame.html:
* http/tests/xmlhttprequest/access-control-response-with-body.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@181134 268f45cc-cd09-0410-ab3c-d52691b4dbfc
33 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt
LayoutTests/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt
LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-expected.txt
LayoutTests/http/tests/security/mixedContent/insecure-plugin-in-iframe-expected.txt
LayoutTests/http/tests/security/mixedContent/insecure-script-in-iframe-expected.txt
LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame-expected.txt
LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.html
LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html
LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt
LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt
LayoutTests/http/tests/security/mixedContent/resources/frame-with-insecure-frame.html
LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html
LayoutTests/http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-frame.html
LayoutTests/http/tests/xmlhttprequest/access-control-response-with-body.html
LayoutTests/imported/w3c/web-platform-tests/_certs/01.pem
LayoutTests/imported/w3c/web-platform-tests/_certs/02.pem
LayoutTests/imported/w3c/web-platform-tests/_certs/cacert.pem
LayoutTests/imported/w3c/web-platform-tests/_certs/cakey.pem
LayoutTests/imported/w3c/web-platform-tests/_certs/index.txt.old
LayoutTests/imported/w3c/web-platform-tests/_certs/localhost.key
LayoutTests/imported/w3c/web-platform-tests/_certs/localhost.pem
LayoutTests/imported/w3c/web-platform-tests/_certs/serial
Source/WebCore/ChangeLog
Source/WebCore/loader/DocumentLoader.cpp
Source/WebCore/loader/MixedContentChecker.cpp
Source/WebCore/loader/MixedContentChecker.h
Source/WebCore/loader/cache/CachedResourceLoader.cpp
Source/WebCore/page/Settings.in