blob: 6c2a80e9918124eaab8232be9e582921f4fb7cbd [file] [log] [blame]
/*
* Copyright (C) 2012 Google Inc. All rights reserved.
* Copyright (C) 2013-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "MixedContentChecker.h"
#include "ContentSecurityPolicy.h"
#include "Document.h"
#include "Frame.h"
#include "FrameDestructionObserverInlines.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "SecurityOrigin.h"
#include "Settings.h"
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
namespace WebCore {
// static
bool MixedContentChecker::isMixedContent(SecurityOrigin& securityOrigin, const URL& url)
{
if (securityOrigin.protocol() != "https"_s)
return false; // We only care about HTTPS security origins.
// We're in a secure context, so |url| is mixed content if it's insecure.
return !SecurityOrigin::isSecure(url);
}
static void logWarning(const Frame& frame, bool allowed, ASCIILiteral action, const URL& target)
{
const char* errorString = allowed ? " was allowed to " : " was not allowed to ";
auto message = makeString((allowed ? "" : "[blocked] "), "The page at ", frame.document()->url().stringCenterEllipsizedToLength(), errorString, action, " insecure content from ", target.stringCenterEllipsizedToLength(), ".\n");
frame.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, message);
}
bool MixedContentChecker::canDisplayInsecureContent(Frame& frame, SecurityOrigin& securityOrigin, ContentType type, const URL& url, AlwaysDisplayInNonStrictMode alwaysDisplayInNonStrictMode)
{
if (!isMixedContent(securityOrigin, url))
return true;
if (!frame.document()->contentSecurityPolicy()->allowRunningOrDisplayingInsecureContent(url))
return false;
bool isStrictMode = frame.document()->isStrictMixedContentMode();
if (!isStrictMode && alwaysDisplayInNonStrictMode == AlwaysDisplayInNonStrictMode::Yes)
return true;
bool allowed = !isStrictMode && (frame.settings().allowDisplayOfInsecureContent() || type == ContentType::ActiveCanWarn) && !frame.document()->geolocationAccessed();
logWarning(frame, allowed, "display"_s, url);
if (allowed) {
frame.document()->setFoundMixedContent(SecurityContext::MixedContentType::Inactive);
frame.loader().client().didDisplayInsecureContent();
}
return allowed;
}
bool MixedContentChecker::canRunInsecureContent(Frame& frame, SecurityOrigin& securityOrigin, const URL& url)
{
if (!isMixedContent(securityOrigin, url))
return true;
if (!frame.document()->contentSecurityPolicy()->allowRunningOrDisplayingInsecureContent(url))
return false;
bool allowed = !frame.document()->isStrictMixedContentMode() && frame.settings().allowRunningOfInsecureContent() && !frame.document()->geolocationAccessed() && !frame.document()->secureCookiesAccessed();
logWarning(frame, allowed, "run"_s, url);
if (allowed) {
frame.document()->setFoundMixedContent(SecurityContext::MixedContentType::Active);
frame.loader().client().didRunInsecureContent(securityOrigin, url);
}
return allowed;
}
void MixedContentChecker::checkFormForMixedContent(Frame& frame, SecurityOrigin& securityOrigin, const URL& url)
{
// Unconditionally allow javascript: URLs as form actions as some pages do this and it does not introduce
// a mixed content issue.
if (url.protocolIsJavaScript())
return;
if (!isMixedContent(securityOrigin, url))
return;
auto message = makeString("The page at ", frame.document()->url().stringCenterEllipsizedToLength(), " contains a form which targets an insecure URL ", url.stringCenterEllipsizedToLength(), ".\n");
frame.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, message);
frame.loader().client().didDisplayInsecureContent();
}
std::optional<String> MixedContentChecker::checkForMixedContentInFrameTree(const Frame& frame, const URL& url)
{
auto* document = frame.document();
while (document) {
RELEASE_ASSERT_WITH_MESSAGE(document->frame(), "An unparented document tried to connect to a websocket with url: %s", url.string().utf8().data());
auto* frame = document->frame();
if (isMixedContent(document->securityOrigin(), url))
return makeString("The page at ", document->url().stringCenterEllipsizedToLength(), " was blocked from connecting insecurely to ", url.stringCenterEllipsizedToLength(), " either because the protocol is insecure or the page is embedded from an insecure page.");
if (frame->isMainFrame())
break;
frame = frame->tree().parent();
RELEASE_ASSERT_WITH_MESSAGE(frame, "Should never have a parentless non main frame");
document = frame->document();
}
return std::nullopt;
}
} // namespace WebCore