New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 631525 link

Starred by 3 users
Status: Fixed
Owner:
carlosk@chromium.org
Closed: Nov 2016
Cc:
mkwst@chromium.org
est...@chromium.org
f...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug
Proj-Servicification

Blocking:
issue 576270



Sign in to add a comment

remove blink settings for blocking display of mixed content

Project Member Reported by est...@chromium.org, Jul 26 2016 
see https://codereview.chromium.org/2167513002#msg7
see also  bug 628812 

Note that android webview might need/want some of this code. When I tried to remove it, AW complained because it broke MIXED_CONTENT_NEVER_ALLOW. But it seems like ideally AW should be doing the same thing in that case that desktop chrome does for --enable-strict-mixed-content-checking.

+felt to triage.

Comment 1 by bokan@chromium.org, Jul 26 2016

Components: -Blink Blink>Internals
Labels: Hotlist-CodeHealth

Comment 2 by f...@chromium.org, Aug 19 2016

Cc: f...@chromium.org est...@chromium.org
Owner: ----

Comment 3 by carlosk@chromium.org, Aug 20 2016

Blocking: 576270
Owner: carlosk@chromium.org
Status: Started (was: Assigned)
As this change will have an effect on my work on moving mixed content checks to the browser ( issue 576270 ) I'll make this happen.

Comment 4 by tkent@chromium.org, Aug 23 2016

Components: -Blink>Internals Blink>SecurityFeature
Project Member

Comment 5 by bugdroid1@chromium.org, Sep 8 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5f1c51795e03c929c36eb05960d5ff4fbcb16c37

commit 5f1c51795e03c929c36eb05960d5ff4fbcb16c37
Author: carlosk <carlosk@chromium.org>
Date: Thu Sep 08 18:59:31 2016

Remove the allow-displaying-mixed-content setting from Blink.

As the ability for the user to avoid the displaying of mixed content
was recently removed the respective Blink setting didn't need to exist
anymore. This change removes it and also updates tests and other
dependencies.

BUG= 631525 

Review-Url: https://codereview.chromium.org/2278303002
Cr-Commit-Position: refs/heads/master@{#417354}

[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/android_webview/java/src/org/chromium/android_webview/AwSettings.java
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/android_webview/native/aw_settings.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/android_webview/renderer/aw_content_settings_client.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/android_webview/renderer/aw_content_settings_client.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/chrome/browser/prefs/browser_prefs.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/chrome/browser/ui/prefs/prefs_tab_helper.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/chrome/common/pref_names.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/chrome/common/pref_names.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/chrome/renderer/content_settings_observer.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/chrome/renderer/content_settings_observer.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/layout_test_runtime_flags.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/layout_test_runtime_flags.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/mock_content_settings_client.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/mock_content_settings_client.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/test_preferences.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/test_preferences.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/test_runner.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/components/test_runner/test_runner.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/content/public/common/common_param_traits_macros.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/content/public/common/web_preferences.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/content/public/common/web_preferences.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/content/renderer/render_view_impl.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/content/shell/renderer/layout_test/blink_test_helpers.cc
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/fetch/resources/init.js
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/inspector-protocol/resources/mixed-content-type-test.js
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-empty-srcset-in-main-frame-blocked.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-main-frame-allowed.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-formSubmission-in-main-frame-blocked.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed-expected.txt
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-allowed.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked-expected.txt
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-blocked.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/insecure-srcset-in-main-frame-blocked.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/preload-insecure-image-in-main-frame-blocked.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/security/resources/referrer-policy-conflicting-policies.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-inscope.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-mixed-content-to-outscope.html
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/core/frame/Settings.in
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/core/loader/FrameLoaderClient.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/web/FrameLoaderClientImpl.cpp
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/web/FrameLoaderClientImpl.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/web/WebEmbeddedWorkerImpl.cpp
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/web/WebSettingsImpl.cpp
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/Source/web/WebSettingsImpl.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/public/web/WebContentSettingsClient.h
[modify] https://crrev.com/5f1c51795e03c929c36eb05960d5ff4fbcb16c37/third_party/WebKit/public/web/WebSettings.h

Comment 6 by carlosk@chromium.org, Sep 20 2016

Status: Fixed (was: Started)

Comment 7 by carlosk@chromium.org, Nov 16 2016

Cc: mkwst@chromium.org
Status: Assigned (was: Fixed)
I noticed a divergence in the way passive mixed-content is reported with the change landed in #5.

See the change in MixedContentChecker.cpp [1] in which the |client->allowDisplayingInsecureContent| call was replaced with |client->passiveInsecureContentFound|, as the checking for allowing display of mixed content was removed but the reporting of it is kept.

Looking at the diff one can see that if |stricMode| was enabled the call to |allowDisplayingInsecureContent| woud *not* happen. But with the landed change the call to |passiveInsecureContentFound| *will* happen, changing the reporting characteristic.

My main motivation for fixing this was in fact my assumption that I would be able to consolidate the |ContentSettingsObserver::passiveInsecureContentFound| [2] and |RenderFrameImpl::didDisplayInsecureContent| [3] implementations into a single call to the latter. But alas I was unable to because the latter lives in content/ which can't directly call into chrome/ where the implementation of the former lives. Also |RenderFrameImpl| already implements the "brother method" |didRunInsecureContent| and I didn't want to move only one out of there (into chrome/) nor move both.

So I'm limiting the change to only reverting the passive mixed content reporting to what it used to be in MixedContentChecker.cpp.


[1] https://codereview.chromium.org/2278303002/diff/120001/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

[2] https://cs.chromium.org/chromium/src/chrome/renderer/content_settings_observer.cc?type=cs&q="ContentSettingsObserver::passiveInsecureContentFound"

[3] https://cs.chromium.org/chromium/src/content/renderer/render_frame_impl.cc?type=cs&q="RenderFrameImpl::didDisplayInsecureContent"
Project Member

Comment 8 by bugdroid1@chromium.org, Nov 17 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/51e11a5caf3c825cf7b859948c3cc181a1dcff15

commit 51e11a5caf3c825cf7b859948c3cc181a1dcff15
Author: carlosk <carlosk@chromium.org>
Date: Thu Nov 17 21:37:18 2016

Small fix to passive mixed-content reporting.

There was a change in passive mixed-content reporting behavior when
https://crrev.com/2278303002 landed: whereas before this reporting would
only occurr if |stricMode| was not true, with that change it would
always happen. This change simply reverts to the previous behavior.

BUG= 631525 

Review-Url: https://codereview.chromium.org/2497893006
Cr-Commit-Position: refs/heads/master@{#432966}

[modify] https://crrev.com/51e11a5caf3c825cf7b859948c3cc181a1dcff15/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp

Comment 9 by carlosk@chromium.org, Nov 17 2016

Status: Fixed (was: Assigned)

Comment 10 by laforge@google.com, Nov 7 2017

Components: Internals>Network>Service

Comment 11 by laforge@google.com, Nov 7 2017

Components: -Internals>Network>Service Internals>Services>Network
Apologies, applied the wrong component in bulk.

Sign in to add a comment