summaryrefslogtreecommitdiff
path: root/chromium/chrome/browser/ui/webui/interstitials
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/chrome/browser/ui/webui/interstitials')
-rw-r--r--chromium/chrome/browser/ui/webui/interstitials/interstitial_ui.cc48
1 files changed, 33 insertions, 15 deletions
diff --git a/chromium/chrome/browser/ui/webui/interstitials/interstitial_ui.cc b/chromium/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
index ec670f5dd01..f0f6eca30f7 100644
--- a/chromium/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
+++ b/chromium/chrome/browser/ui/webui/interstitials/interstitial_ui.cc
@@ -21,6 +21,7 @@
#include "chrome/browser/safe_browsing/test_safe_browsing_blocking_page_quiet.h"
#include "chrome/browser/safe_browsing/ui_manager.h"
#include "chrome/browser/ssl/chrome_security_blocking_page_factory.h"
+#include "chrome/browser/ssl/insecure_form/insecure_form_controller_client.h"
#include "chrome/common/buildflags.h"
#include "chrome/common/url_constants.h"
#include "components/captive_portal/core/buildflags.h"
@@ -29,6 +30,7 @@
#include "components/safe_browsing/core/db/database_manager.h"
#include "components/security_interstitials/content/bad_clock_blocking_page.h"
#include "components/security_interstitials/content/blocked_interception_blocking_page.h"
+#include "components/security_interstitials/content/insecure_form_blocking_page.h"
#include "components/security_interstitials/content/legacy_tls_blocking_page.h"
#include "components/security_interstitials/content/mitm_software_blocking_page.h"
#include "components/security_interstitials/content/origin_policy_ui.h"
@@ -51,6 +53,7 @@
#include "net/ssl/ssl_info.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/origin_policy.h"
+#include "services/network/public/mojom/content_security_policy.mojom.h"
#include "ui/base/resource/resource_bundle.h"
#include "ui/base/webui/web_ui_util.h"
@@ -98,9 +101,8 @@ class InterstitialHTMLSource : public content::URLDataSource {
// content::URLDataSource:
std::string GetMimeType(const std::string& mime_type) override;
std::string GetSource() override;
- std::string GetContentSecurityPolicyScriptSrc() override;
- std::string GetContentSecurityPolicyStyleSrc() override;
- std::string GetContentSecurityPolicyImgSrc() override;
+ std::string GetContentSecurityPolicy(
+ const network::mojom::CSPDirectiveName directive) override;
void StartDataRequest(
const GURL& url,
const content::WebContents::Getter& wc_getter,
@@ -264,14 +266,27 @@ std::unique_ptr<LookalikeUrlBlockingPage> CreateLookalikeInterstitialPage(
content::WebContents* web_contents) {
GURL request_url("https://example.net");
GURL safe_url("https://example.com");
-
+ std::string url_param;
+ if (net::GetValueForKeyInQuery(web_contents->GetURL(), "no-safe-url",
+ &url_param)) {
+ safe_url = GURL();
+ }
return std::make_unique<LookalikeUrlBlockingPage>(
- web_contents, safe_url, ukm::kInvalidSourceId,
+ web_contents, safe_url, request_url, ukm::kInvalidSourceId,
LookalikeUrlMatchType::kNone,
std::make_unique<LookalikeUrlControllerClient>(web_contents, request_url,
safe_url));
}
+std::unique_ptr<security_interstitials::InsecureFormBlockingPage>
+CreateInsecureFormPage(content::WebContents* web_contents) {
+ GURL request_url("http://example.com");
+ return std::make_unique<security_interstitials::InsecureFormBlockingPage>(
+ web_contents, request_url,
+ std::make_unique<InsecureFormControllerClient>(web_contents,
+ request_url));
+}
+
std::unique_ptr<safe_browsing::SafeBrowsingBlockingPage>
CreateSafeBrowsingBlockingPage(content::WebContents* web_contents) {
safe_browsing::SBThreatType threat_type =
@@ -451,17 +466,18 @@ std::string InterstitialHTMLSource::GetSource() {
return chrome::kChromeUIInterstitialHost;
}
-std::string InterstitialHTMLSource::GetContentSecurityPolicyScriptSrc() {
- // 'unsafe-inline' is added to script-src.
- return "script-src chrome://resources 'self' 'unsafe-inline';";
-}
-
-std::string InterstitialHTMLSource::GetContentSecurityPolicyStyleSrc() {
- return "style-src 'self' 'unsafe-inline';";
-}
+std::string InterstitialHTMLSource::GetContentSecurityPolicy(
+ const network::mojom::CSPDirectiveName directive) {
+ if (directive == network::mojom::CSPDirectiveName::ScriptSrc) {
+ // 'unsafe-inline' is added to script-src.
+ return "script-src chrome://resources 'self' 'unsafe-inline';";
+ } else if (directive == network::mojom::CSPDirectiveName::StyleSrc) {
+ return "style-src 'self' 'unsafe-inline';";
+ } else if (directive == network::mojom::CSPDirectiveName::ImgSrc) {
+ return "img-src data:;";
+ }
-std::string InterstitialHTMLSource::GetContentSecurityPolicyImgSrc() {
- return "img-src data:;";
+ return content::URLDataSource::GetContentSecurityPolicy(directive);
}
void InterstitialHTMLSource::StartDataRequest(
@@ -506,6 +522,8 @@ void InterstitialHTMLSource::StartDataRequest(
#endif
} else if (path_without_query == "/origin_policy") {
interstitial_delegate = CreateOriginPolicyInterstitialPage(web_contents);
+ } else if (path_without_query == "/insecure_form") {
+ interstitial_delegate = CreateInsecureFormPage(web_contents);
}
if (path_without_query == "/quietsafebrowsing") {
View Lorry Controller Status