Disable mixed content autoupgrades in webview when necessary

Android webview has an embedding app controlled setting to allow mixed
content, this makes it so that setting is followed when deciding
whether or not to autoupgrade mixed content to HTTPS. This is covered
by existing tests (testAllowMixedMode in AwSettingsTest.java) that
will be set to run with the feature before launching.

Bug: 1016573
Change-Id: I83c6a3b10a25bda374686537e4df24a17eb8cd6a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1947950
Commit-Queue: Carlos IL <carlosil@chromium.org>
Reviewed-by: Changwan Ryu <changwan@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#721927}

android_webview/browser/aw_settings.cc

@@ -509,6 +509,9 @@ void AwSettings::PopulateWebPreferencesLocked(JNIEnv* env,
   web_prefs->scroll_top_left_interop_enabled =
       Java_AwSettings_getScrollTopLeftInteropEnabledLocked(env, obj);
 
+  web_prefs->allow_mixed_content_upgrades =
+      Java_AwSettings_getAllowMixedContentAutoupgradesLocked(env, obj);
+
   bool is_dark_mode;
   switch (Java_AwSettings_getForceDarkModeLocked(env, obj)) {
     case ForceDarkMode::FORCE_DARK_OFF:

android_webview/java/src/org/chromium/android_webview/AwSettings.java

@@ -1764,6 +1764,18 @@ public class AwSettings {
         return mMixedContentMode == WebSettings.MIXED_CONTENT_NEVER_ALLOW;
     }
 
+    @CalledByNative
+    private boolean getAllowMixedContentAutoupgradesLocked() {
+        assert Thread.holdsLock(mAwSettingsLock);
+        // We only allow mixed content autoupgrades (upgrading HTTP subresources to HTTPS in HTTPS
+        // sites) when the mixed content mode is set to MIXED_CONTENT_COMPATIBILITY, which keeps it
+        // in line with the behavior in Chrome. With MIXED_CONTENT_ALWAYS_ALLOW, we disable
+        // autoupgrades since the developer is explicitly allowing mixed content, whereas with
+        // MIXED_CONTENT_NEVER_ALLOW, there is no need to autoupgrade since the content will be
+        // blocked.
+        return mMixedContentMode == WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE;
+    }
+
     public boolean getOffscreenPreRaster() {
         synchronized (mAwSettingsLock) {
             return getOffscreenPreRasterLocked();

android_webview/renderer/aw_content_settings_client.cc

@@ -4,6 +4,7 @@
 
 #include "android_webview/renderer/aw_content_settings_client.h"
 
+#include "content/public/common/web_preferences.h"
 #include "content/public/renderer/render_frame.h"
 #include "third_party/blink/public/platform/web_url.h"
 #include "third_party/blink/public/web/web_local_frame.h"
@@ -39,6 +40,10 @@ bool AwContentSettingsClient::AllowRunningInsecureContent(
   return enabled_per_settings ? true : AllowMixedContent(url);
 }
 
+bool AwContentSettingsClient::ShouldAutoupgradeMixedContent() {
+  return render_frame()->GetWebkitPreferences().allow_mixed_content_upgrades;
+}
+
 void AwContentSettingsClient::OnDestruct() {
   delete this;
 }

android_webview/renderer/aw_content_settings_client.h

@@ -26,6 +26,7 @@ class AwContentSettingsClient : public content::RenderFrameObserver,
   // blink::WebContentSettingsClient implementation.
   bool AllowRunningInsecureContent(bool enabled_per_settings,
                                    const blink::WebURL& url) override;
+  bool ShouldAutoupgradeMixedContent() override;
 
   DISALLOW_COPY_AND_ASSIGN(AwContentSettingsClient);
 };

content/public/common/common_param_traits_macros.h

@@ -252,6 +252,7 @@ IPC_STRUCT_TRAITS_BEGIN(content::WebPreferences)
   IPC_STRUCT_TRAITS_MEMBER(lazy_frame_loading_distance_thresholds_px)
   IPC_STRUCT_TRAITS_MEMBER(lazy_image_loading_distance_thresholds_px)
   IPC_STRUCT_TRAITS_MEMBER(lazy_image_first_k_fully_load)
+  IPC_STRUCT_TRAITS_MEMBER(allow_mixed_content_upgrades)
 IPC_STRUCT_TRAITS_END()
 
 IPC_STRUCT_TRAITS_BEGIN(blink::mojom::WindowFeatures)

content/public/common/web_preferences.cc

@@ -228,7 +228,8 @@ WebPreferences::WebPreferences()
       picture_in_picture_enabled(true),
       translate_service_available(false),
       network_quality_estimator_web_holdback(
-          net::EFFECTIVE_CONNECTION_TYPE_UNKNOWN) {
+          net::EFFECTIVE_CONNECTION_TYPE_UNKNOWN),
+      allow_mixed_content_upgrades(true) {
   standard_font_family_map[kCommonScript] =
       base::ASCIIToUTF16("Times New Roman");
   fixed_font_family_map[kCommonScript] = base::ASCIIToUTF16("Courier New");

content/public/common/web_preferences.h

@@ -345,6 +345,10 @@ struct CONTENT_EXPORT WebPreferences {
       lazy_image_loading_distance_thresholds_px;
   std::map<net::EffectiveConnectionType, int> lazy_image_first_k_fully_load;
 
+  // Setting to false disables upgrades to HTTPS for HTTP resources in HTTPS
+  // sites.
+  bool allow_mixed_content_upgrades;
+
   // We try to keep the default values the same as the default values in
   // chrome, except for the cases where it would require lots of extra work for
   // the embedder to use the same default value.