Commit e6478ca4 authored by Sigurd Schneider's avatar Sigurd Schneider Committed by Commit Bot

Report isSecureContext on frame

Bug: chromium:1051466
Change-Id: If446b94c7626bc691cf456db1950e10224fd9a9b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2323681
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: default avatarAndrey Kosyakov <caseq@chromium.org>
Reviewed-by: default avatarMike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#799630}
parent cd69e8f5
...@@ -5712,6 +5712,28 @@ domain Page ...@@ -5712,6 +5712,28 @@ domain Page
# This frame is the root of an ad frame. # This frame is the root of an ad frame.
root root
# Indicates whether the frame is a secure context and why it is the case.
experimental type SecureContextType extends string
enum
# The origin is a secure context.
Secure
# The host is localhost and hence is considered secure.
SecureLocalhost
# The origin has an insecure scheme and is not localhost.
InsecureScheme
# One of the ancestor frames is not a secure context.
InsecureAncestor
# Indicates whether the frame is cross-origin isolated and why it is the case.
experimental type CrossOriginIsolatedContextType extends string
enum
# The origin is cross-origin isolated.
Isolated
# The origin is not cross-origin isolated.
NotIsolated
# The cross-origin isolation feature is disabled.
NotIsolatedFeatureDisabled
# Information about the Frame on the page. # Information about the Frame on the page.
type Frame extends object type Frame extends object
properties properties
...@@ -5740,6 +5762,10 @@ domain Page ...@@ -5740,6 +5762,10 @@ domain Page
experimental optional string unreachableUrl experimental optional string unreachableUrl
# Indicates whether this frame was tagged as an ad. # Indicates whether this frame was tagged as an ad.
experimental optional AdFrameType adFrameType experimental optional AdFrameType adFrameType
# Indicates whether the main document is a secure context and explains why that is the case.
experimental SecureContextType secureContextType
# Indicates whether this is a cross origin isolated context.
experimental CrossOriginIsolatedContextType crossOriginIsolatedContextType
# Information about the Resource on the page. # Information about the Resource on the page.
experimental type FrameResource extends object experimental type FrameResource extends object
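Review bot: The comment on `secureContextType` in the second hunk says "the main document", but the property is declared on `Frame` and reported per frame; the test expectation later on this page shows a child frame reported as `InsecureAncestor`. I would reword it to `# Indicates whether this frame is a secure context and explains why that is the case.` so that clients do not read a subframe's value as the state of the top-level page. Unlike `adFrameType` directly above, both new properties are declared without `optional`, so a client that also talks to builds predating this change has to tolerate their absence. The `Frame` type's property list starts and ends outside the hunk.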
......
...@@ -95,13 +95,23 @@ void SecurityContext::SetSecurityOrigin( ...@@ -95,13 +95,23 @@ void SecurityContext::SetSecurityOrigin(
if (!security_origin_->IsPotentiallyTrustworthy()) { if (!security_origin_->IsPotentiallyTrustworthy()) {
secure_context_mode_ = SecureContextMode::kInsecureContext; secure_context_mode_ = SecureContextMode::kInsecureContext;
secure_context_explanation_ = SecureContextModeExplanation::kInsecureScheme;
} else if (SchemeRegistry::SchemeShouldBypassSecureContextCheck( } else if (SchemeRegistry::SchemeShouldBypassSecureContextCheck(
security_origin_->Protocol())) { security_origin_->Protocol())) {
secure_context_mode_ = SecureContextMode::kSecureContext; secure_context_mode_ = SecureContextMode::kSecureContext;
secure_context_explanation_ = SecureContextModeExplanation::kSecure;
} else if (execution_context_) { } else if (execution_context_) {
secure_context_mode_ = execution_context_->HasInsecureContextInAncestors() if (execution_context_->HasInsecureContextInAncestors()) {
? SecureContextMode::kInsecureContext secure_context_mode_ = SecureContextMode::kInsecureContext;
: SecureContextMode::kSecureContext; secure_context_explanation_ =
SecureContextModeExplanation::kInsecureAncestor;
} else {
secure_context_mode_ = SecureContextMode::kSecureContext;
secure_context_explanation_ =
security_origin_->IsLocalhost()
? SecureContextModeExplanation::kSecureLocalhost
: SecureContextModeExplanation::kSecure;
}
} }
bool is_secure = secure_context_mode_ == SecureContextMode::kSecureContext; bool is_secure = secure_context_mode_ == SecureContextMode::kSecureContext;
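Review bot: In the innermost `else` branch, `IsLocalhost()` is consulted without regard to the scheme, so an origin such as `https://localhost:8443` is reported as `kSecureLocalhost` (the expected output further down this page confirms it). The protocol text for that value says the host is considered secure because it is localhost. A consumer therefore cannot tell plain-HTTP localhost, trusted only through the localhost exemption, from a TLS-protected localhost origin. If that is intended, say so on the branch, e.g. `// Localhost takes precedence over the scheme: https://localhost is also reported as kSecureLocalhost.`; otherwise the localhost explanation should apply only when the scheme alone would not have been trustworthy. The body of SetSecurityOrigin starts and ends outside the hunk.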
......
...@@ -57,6 +57,14 @@ using ParsedFeaturePolicy = std::vector<ParsedFeaturePolicyDeclaration>; ...@@ -57,6 +57,14 @@ using ParsedFeaturePolicy = std::vector<ParsedFeaturePolicyDeclaration>;
enum class SecureContextMode { kInsecureContext, kSecureContext }; enum class SecureContextMode { kInsecureContext, kSecureContext };
// Explanation as to why |SecureContextMode| was set as it was set.
enum class SecureContextModeExplanation {
kSecure,
kSecureLocalhost,
kInsecureScheme,
kInsecureAncestor,
};
// Whether to report policy violations when checking whether a feature is // Whether to report policy violations when checking whether a feature is
// enabled. // enabled.
enum class ReportOptions { kReportOnFailure, kDoNotReport }; enum class ReportOptions { kReportOnFailure, kDoNotReport };
...@@ -170,6 +178,10 @@ class CORE_EXPORT SecurityContext { ...@@ -170,6 +178,10 @@ class CORE_EXPORT SecurityContext {
return secure_context_mode_; return secure_context_mode_;
} }
SecureContextModeExplanation GetSecureContextModeExplanation() const {
return secure_context_explanation_;
}
protected: protected:
network::mojom::blink::WebSandboxFlags sandbox_flags_; network::mojom::blink::WebSandboxFlags sandbox_flags_;
scoped_refptr<SecurityOrigin> security_origin_; scoped_refptr<SecurityOrigin> security_origin_;
...@@ -186,6 +198,8 @@ class CORE_EXPORT SecurityContext { ...@@ -186,6 +198,8 @@ class CORE_EXPORT SecurityContext {
InsecureNavigationsSet insecure_navigations_to_upgrade_; InsecureNavigationsSet insecure_navigations_to_upgrade_;
bool require_safe_types_ = false; bool require_safe_types_ = false;
SecureContextMode secure_context_mode_ = SecureContextMode::kInsecureContext; SecureContextMode secure_context_mode_ = SecureContextMode::kInsecureContext;
SecureContextModeExplanation secure_context_explanation_ =
SecureContextModeExplanation::kInsecureScheme;
}; };
} // namespace blink } // namespace blink
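Review bot: The default `SecureContextModeExplanation::kInsecureScheme` for `secure_context_explanation_` in the last hunk names a specific cause before any origin has been evaluated. As far as these hunks show, the value is only written in SetSecurityOrigin, so a context read earlier reports an insecure scheme that was never checked. The new enum's values and the getter also have no comments of their own. I would document each value the way the protocol file does and add a member comment such as `// Only meaningful after SetSecurityOrigin(); the default pairs with kInsecureContext.` The class body starts outside these hunks.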
......
...@@ -60,6 +60,7 @@ ...@@ -60,6 +60,7 @@
#include "third_party/blink/renderer/core/inspector/inspected_frames.h" #include "third_party/blink/renderer/core/inspector/inspected_frames.h"
#include "third_party/blink/renderer/core/inspector/inspector_css_agent.h" #include "third_party/blink/renderer/core/inspector/inspector_css_agent.h"
#include "third_party/blink/renderer/core/inspector/inspector_resource_content_loader.h" #include "third_party/blink/renderer/core/inspector/inspector_resource_content_loader.h"
#include "third_party/blink/renderer/core/inspector/protocol/Page.h"
#include "third_party/blink/renderer/core/inspector/v8_inspector_string.h" #include "third_party/blink/renderer/core/inspector/v8_inspector_string.h"
#include "third_party/blink/renderer/core/layout/adjust_for_absolute_zoom.h" #include "third_party/blink/renderer/core/layout/adjust_for_absolute_zoom.h"
#include "third_party/blink/renderer/core/loader/document_loader.h" #include "third_party/blink/renderer/core/loader/document_loader.h"
...@@ -1062,6 +1063,33 @@ void InspectorPageAgent::WindowOpen(Document* document, ...@@ -1062,6 +1063,33 @@ void InspectorPageAgent::WindowOpen(Document* document,
GetFrontend()->flush(); GetFrontend()->flush();
} }
namespace {
protocol::Page::SecureContextType CreateProtocolSecureContextType(
SecureContextModeExplanation explanation) {
switch (explanation) {
case SecureContextModeExplanation::kSecure:
return protocol::Page::SecureContextTypeEnum::Secure;
case SecureContextModeExplanation::kInsecureAncestor:
return protocol::Page::SecureContextTypeEnum::InsecureAncestor;
case SecureContextModeExplanation::kInsecureScheme:
return protocol::Page::SecureContextTypeEnum::InsecureScheme;
case SecureContextModeExplanation::kSecureLocalhost:
return protocol::Page::SecureContextTypeEnum::SecureLocalhost;
}
}
protocol::Page::CrossOriginIsolatedContextType
CreateProtocolCrossOriginIsolatedContextType(ExecutionContext* context) {
if (context->IsCrossOriginIsolated()) {
return protocol::Page::CrossOriginIsolatedContextTypeEnum::Isolated;
} else if (context->IsFeatureEnabled(
mojom::blink::FeaturePolicyFeature::kCrossOriginIsolated)) {
return protocol::Page::CrossOriginIsolatedContextTypeEnum::NotIsolated;
}
return protocol::Page::CrossOriginIsolatedContextTypeEnum::
NotIsolatedFeatureDisabled;
}
} // namespace
std::unique_ptr<protocol::Page::Frame> InspectorPageAgent::BuildObjectForFrame( std::unique_ptr<protocol::Page::Frame> InspectorPageAgent::BuildObjectForFrame(
LocalFrame* frame) { LocalFrame* frame) {
DocumentLoader* loader = frame->Loader().GetDocumentLoader(); DocumentLoader* loader = frame->Loader().GetDocumentLoader();
...@@ -1077,6 +1105,12 @@ std::unique_ptr<protocol::Page::Frame> InspectorPageAgent::BuildObjectForFrame( ...@@ -1077,6 +1105,12 @@ std::unique_ptr<protocol::Page::Frame> InspectorPageAgent::BuildObjectForFrame(
.setMimeType(frame->Loader().GetDocumentLoader()->MimeType()) .setMimeType(frame->Loader().GetDocumentLoader()->MimeType())
.setSecurityOrigin( .setSecurityOrigin(
SecurityOrigin::Create(loader->Url())->ToRawString()) SecurityOrigin::Create(loader->Url())->ToRawString())
.setSecureContextType(CreateProtocolSecureContextType(
frame->DomWindow()
->GetSecurityContext()
.GetSecureContextModeExplanation()))
.setCrossOriginIsolatedContextType(
CreateProtocolCrossOriginIsolatedContextType(frame->DomWindow()))
.build(); .build();
if (loader->Url().HasFragmentIdentifier()) if (loader->Url().HasFragmentIdentifier())
frame_object->setUrlFragment("#" + loader->Url().FragmentIdentifier()); frame_object->setUrlFragment("#" + loader->Url().FragmentIdentifier());
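Review bot: `frame->DomWindow()` is dereferenced twice in the builder chain, and `CreateProtocolCrossOriginIsolatedContextType` dereferences its `context` argument, with no null check in either place. Whether DomWindow() can be null when BuildObjectForFrame runs is not visible in these hunks; if it can, this is a renderer crash reachable from a protocol client. I would fetch the window once and make the assumption explicit, `LocalDOMWindow* window = frame->DomWindow();` followed by `DCHECK(window);`, then use `window` for both new setters. BuildObjectForFrame's body starts and ends outside the hunks.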
......
Tests that Page.frameNavigated reports isSecureOrigin[Explanation] correctly
Navigate to localhost
{
"securityOrigin": "http://localhost:8000",
"secureContextType": "SecureLocalhost"
}
{
"securityOrigin": "https://devtools.test:8443",
"secureContextType": "Secure"
}
Navigate to URL without secure scheme
{
"securityOrigin": "http://devtools.test:8000",
"secureContextType": "InsecureScheme"
}
{
"securityOrigin": "https://devtools.test:8443",
"secureContextType": "InsecureAncestor"
}
Navigate to URL with secure scheme
{
"securityOrigin": "https://localhost:8443",
"secureContextType": "SecureLocalhost"
}
{
"securityOrigin": "https://devtools.test:8443",
"secureContextType": "Secure"
}
(async function(testRunner) {
var {page, session, dp} = await testRunner.startBlank('Tests that Page.frameNavigated reports isSecureOrigin[Explanation] correctly');
await dp.Page.enable();
function onFrameNavigated(event) {
const frame = event.params.frame;
testRunner.log(JSON.stringify(frame, ["securityOrigin", "secureContextType"], 2));
}
dp.Page.onFrameNavigated(onFrameNavigated);
dp.Target.onAttachedToTarget(async e => {
const dp2 = session.createChild(e.params.sessionId).protocol;
await dp2.Page.enable();
dp2.Page.onFrameNavigated(onFrameNavigated);
await dp2.Runtime.runIfWaitingForDebugger();
});
await dp.Target.setAutoAttach({autoAttach: true, waitForDebuggerOnStart: true, flatten: true});
testRunner.log('Navigate to localhost');
await session.navigate('http://localhost:8000/inspector-protocol/resources/security-origin-testpage.html');
testRunner.log('Navigate to URL without secure scheme');
await session.navigate('http://devtools.test:8000/inspector-protocol/resources/security-origin-testpage.html');
testRunner.log('Navigate to URL with secure scheme');
await session.navigate('https://localhost:8443/inspector-protocol/resources/security-origin-testpage.html');
testRunner.completeTest();
})
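Review bot: The JSON filter in `onFrameNavigated` keeps only `securityOrigin` and `secureContextType`, so the `crossOriginIsolatedContextType` field added by the same commit is never checked by this test. Extending the filter to `JSON.stringify(frame, ["securityOrigin", "secureContextType", "crossOriginIsolatedContextType"], 2)` would at least pin the not-isolated values for these pages. The description string also says `isSecureOrigin[Explanation]`, which is not the name of any reported field; `secureContextType` would match the protocol.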
<html>
<body>
<div id="rootDiv">Root div text</div>
<iframe src="https://devtools.test:8443/inspector-protocol/resources/test-page.html"></iframe>
</body>
</html>