This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Add option to allow mixed content #3447

Closed
wants to merge 1 commit into from
1 change: 1 addition & 0 deletions app/extensions/brave/locales/en-US/app.properties
Expand Up @@ -190,3 +190,4 @@ phone=Phone
email=Email
editAddress=Edit Address
editCreditCard=Edit Credit Card
allowRunInsecureContent=Allow Run Insecure Content
2 changes: 2 additions & 0 deletions app/sessionStore.js
Expand Up @@ -248,6 +248,8 @@ module.exports.cleanAppData = (data, isShutdown) => {
if (typeof expireTime === 'number' && expireTime < now) {
delete data.siteSettings[host].flash
}
// Don't write runInsecureContent to session
delete data.siteSettings[host].runInsecureContent
}
if (data.sites) {
const clearHistory = isShutdown && getSetting(settings.SHUTDOWN_CLEAR_HISTORY) === true
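Review bot: The comment above `delete data.siteSettings[host].runInsecureContent` says what the line does but not why, and the reason is the security property of the whole feature: the mixed-content exception is meant to last only for the running session. I would spell that out, e.g. `// runInsecureContent is a per-session exception to mixed-content blocking; strip it so it never reaches the saved session`. The delete runs on every call rather than only when `isShutdown` is true, which looks intended but depends on `data` being a copy of the live state; that is worth confirming, since the start of `cleanAppData` and of the enclosing loop are outside the hunk. A unit test asserting the key is absent from the cleaned data would keep this from regressing.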
4 changes: 2 additions & 2 deletions docs/state.md
Expand Up @@ -267,8 +267,8 @@ WindowStore
realm: string
},
isExtendedValidation: boolean, // is using https ev
activeMixedContent: boolean, // has active mixed content
passiveMixedContent: boolean, // has passive mixed content
runInsecureContent: boolean, // has active mixed content
blockedRunInsecureContent: string, // first domain of blocked active mixed content
},
parentFrameKey: number, // the key of the frame this frame was opened from
modalPromptDetail: {...},
13 changes: 13 additions & 0 deletions docs/windowActions.md
Expand Up @@ -753,6 +753,19 @@ Sets the manage autofill credit card popup detail



### setBlockedRunInsecureContent(frameProps, source)

Sets page url with blocked active mixed content.

**Parameters**

**frameProps**: `Object`, The frame to set source of
blocked active mixed content on

**source**: `string`, Source of blocked active mixed content




* * *

14 changes: 14 additions & 0 deletions js/actions/windowActions.js
Expand Up @@ -971,6 +971,20 @@ const windowActions = {
currentDetail,
originalDetail
})
},

/**
* Sets page url with blocked active mixed content.
* @param {Object} frameProps - The frame to set source of
* blocked active mixed content on
* @param {string} source - Source of blocked active mixed content
*/
setBlockedRunInsecureContent: function (frameProps, source) {
dispatch({
actionType: WindowConstants.WINDOW_SET_BLOCKED_RUN_INSECURE_CONTENT,
frameProps,
source
})
}
}

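Review bot: The JSDoc for `setBlockedRunInsecureContent` documents `source` as a required string, but frame.js in this same change calls the action with only the frame, to clear the value on load start. Marking the parameter optional and saying what omission means would match the usage: `@param {string} [source] - URL of the page whose active mixed content was blocked; omit to clear`. The summary line could mention the clearing case as well, since "Sets page url" hides it.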
24 changes: 13 additions & 11 deletions js/components/frame.js
Expand Up @@ -166,13 +166,13 @@ class Frame extends ImmutableComponent {
}

shouldCreateWebview () {
return !this.webview || this.webview.allowRunningInsecureContent !== this.allowRunningInsecureContent() ||
!!this.webview.allowRunningPlugins !== this.allowRunningPlugins()
return !this.webview || !!this.webview.allowRunningPlugins !== this.allowRunningPlugins()
}

allowRunningInsecureContent () {
let hack = siteHacks[urlParse(this.props.location).hostname]
return !!(hack && hack.allowRunningInsecureContent)
runInsecureContent () {
const activeSiteSettings = getSiteSettingsForHostPattern(this.props.allSiteSettings, this.origin)
return activeSiteSettings === undefined
? false : activeSiteSettings.get('runInsecureContent')
}

allowRunningPlugins (url) {
Expand Down Expand Up @@ -263,10 +263,6 @@ class Frame extends ImmutableComponent {
if (hack && hack.userAgent) {
this.webview.setAttribute('useragent', hack.userAgent)
}
if (this.allowRunningInsecureContent()) {
this.webview.setAttribute('allowRunningInsecureContent', true)
this.webview.allowRunningInsecureContent = true
}
if (this.allowRunningPlugins()) {
this.webview.setAttribute('plugins', true)
this.webview.allowRunningPlugins = true
Expand Down Expand Up @@ -584,6 +580,9 @@ class Frame extends ImmutableComponent {
windowActions.setBlockedBy(this.frame, 'noScript', e.details[1])
}
})
this.webview.addEventListener('did-block-run-insecure-content', (e) => {
windowActions.setBlockedRunInsecureContent(this.frame, this.props.location)
})
this.webview.addEventListener('context-menu', (e) => {
contextMenus.onMainContextMenu(e.params, this.frame)
e.preventDefault()
Expand Down Expand Up @@ -758,9 +757,12 @@ class Frame extends ImmutableComponent {
interceptFlash(true, e.url)
}
windowActions.onWebviewLoadStart(this.frame, e.url)
const isSecure = parsedUrl.protocol === 'https:' && !this.allowRunningInsecureContent()
windowActions.setBlockedRunInsecureContent(this.frame)
const isSecure = parsedUrl.protocol === 'https:' && !this.runInsecureContent()
const runInsecureContent = parsedUrl.protocol === 'https:' && this.runInsecureContent()
windowActions.setSecurityState(this.frame, {
secure: isSecure
secure: isSecure,
runInsecureContent: runInsecureContent
})
if (isSecure) {
// Check that there isn't a cert error.
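Review bot: `runInsecureContent()` returns `activeSiteSettings.get('runInsecureContent')` unchanged, so for an origin that has site settings but no such key it yields `undefined` rather than `false`. In the load-start handler that makes `parsedUrl.protocol === 'https:' && this.runInsecureContent()` evaluate to `undefined`, and the windowStore case in this change only writes `security.runInsecureContent` when the value `!== undefined`, so a frame that navigates from an allowed origin to such an origin appears to keep the stale `true` and the mixed-connection indicator. Coercing at the source fixes it: `return !!(activeSiteSettings && activeSiteSettings.get('runInsecureContent'))`. Separately, the `did-block-run-insecure-content` listener ignores `e` and records `this.props.location`; a short comment saying the page URL is stored on purpose, because siteInfo reloads it, would help the next reader.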
36 changes: 31 additions & 5 deletions js/components/siteInfo.js
Expand Up @@ -3,34 +3,51 @@
* You can obtain one at http://mozilla.org/MPL/2.0/. */

const React = require('react')
const ipc = require('electron').ipcRenderer
const ImmutableComponent = require('./immutableComponent')
const cx = require('../lib/classSet.js')
const Dialog = require('./dialog')
const Button = require('./button')
const appActions = require('../actions/appActions')
const messages = require('../constants/messages')
const siteUtil = require('../state/siteUtil')

class SiteInfo extends ImmutableComponent {
constructor () {
super()
this.OnAllowRunInsecureContent = this.OnAllowRunInsecureContent.bind(this)
}
OnAllowRunInsecureContent () {
appActions.changeSiteSetting(siteUtil.getOrigin(this.isBlockedRunInsecureContent), 'runInsecureContent', true)
ipc.emit(messages.SHORTCUT_ACTIVE_FRAME_LOAD_URL, {}, this.isBlockedRunInsecureContent)
this.props.onHide()
}
get isExtendedValidation () {
return this.props.frameProps.getIn(['security', 'isExtendedValidation'])
}
get isSecure () {
return this.props.frameProps.getIn(['security', 'isSecure'])
}
get isMixedContent () {
return this.props.frameProps.getIn(['security', 'isMixedContent'])
get runInsecureContent () {
return this.props.frameProps.getIn(['security', 'runInsecureContent'])
}
get isBlockedRunInsecureContent () {
return this.props.frameProps.getIn(['security', 'blockedRunInsecureContent'])
}
get partitionNumber () {
return this.props.frameProps.getIn(['partitionNumber'])
}
render () {
let secureIcon
if (this.isSecure && !this.isMixedContent) {
if (this.isSecure && !this.runInsecureContent) {
secureIcon = <li><span
className={cx({
fa: true,
'fa-lock': true,
extendedValidation: this.isExtendedValidation
})} /><span data-l10n-id='secureConnection' /></li>
} else if (this.isMixedContent) {
secureIcon = <li><span className='fa fa-unlock-alt' /><span data-l10n-id='mixedConnection' /></li>
} else if (this.runInsecureContent) {
secureIcon = <li><span className='fa fa-unlock' /><span data-l10n-id='mixedConnection' /></li>
} else {
secureIcon = <li><span className='fa fa-unlock' /><span data-l10n-id='insecureConnection' data-l10n-args={JSON.stringify(l10nArgs)} /></li>
}
Expand All @@ -46,6 +63,12 @@ class SiteInfo extends ImmutableComponent {
<span data-l10n-args={JSON.stringify(l10nArgs)} data-l10n-id='sessionInfo' /></li>
}

let allowRunInsecureContentButton
if (this.isBlockedRunInsecureContent) {
allowRunInsecureContentButton =
<Button l10nId='allowRunInsecureContent' className='primaryButton allowRunInsecureContentButton' onClick={this.OnAllowRunInsecureContent} />
}

return <Dialog onHide={this.props.onHide} className='siteInfo' isClickDismiss>
<ul onClick={(e) => e.stopPropagation()}>
{
Expand All @@ -54,6 +77,9 @@ class SiteInfo extends ImmutableComponent {
{
partitionInfo
}
{
allowRunInsecureContentButton
}
</ul>
</Dialog>
}
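Review bot: The dialog only ever offers the allow direction: once `OnAllowRunInsecureContent` has set `runInsecureContent` to true for the origin, the reload clears `blockedRunInsecureContent` (frame.js resets it on load start), the button disappears, and nothing in `render` lets the user withdraw the exception before the session ends. Since this relaxes mixed-content blocking for every page of that origin, I would render a second button when `this.runInsecureContent` is true that calls `appActions.changeSiteSetting` with `false` for the same origin and reloads. Two smaller points: the result of `siteUtil.getOrigin(...)` is used as the settings key without a check, so if it can return an empty value for a URL it cannot parse (its behaviour is not visible here) the handler should return early instead of writing a setting; and `isBlockedRunInsecureContent` returns a URL string, so a name like `blockedRunInsecureContentUrl`, together with lower camel case `onAllowRunInsecureContent`, would read better.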
2 changes: 1 addition & 1 deletion js/components/urlBar.js
Expand Up @@ -383,7 +383,7 @@ class UrlBar extends ImmutableComponent {
urlbarIcon: true,
'fa': !this.activateSearchEngine,
'fa-lock': !this.activateSearchEngine && this.isHTTPPage && this.props.isSecure && !this.props.urlbar.get('active'),
'fa-unlock-alt': !this.activateSearchEngine && this.isHTTPPage && !this.props.isSecure && !this.props.urlbar.get('active') && !this.props.titleMode,
'fa-unlock': !this.activateSearchEngine && this.isHTTPPage && !this.props.isSecure && !this.props.urlbar.get('active') && !this.props.titleMode,
'fa fa-file': !this.activateSearchEngine && this.props.urlbar.get('active') && this.props.loading === false,
extendedValidation: this.extendedValidationSSL
})}
3 changes: 2 additions & 1 deletion js/constants/windowConstants.js
Expand Up @@ -66,7 +66,8 @@ const windowConstants = {
WINDOW_SET_LAST_ZOOM_PERCENTAGE: _,
WINDOW_SET_CLEAR_BROWSING_DATA_DETAIL: _,
WINDOW_SET_AUTOFILL_ADDRESS_DETAIL: _,
WINDOW_SET_AUTOFILL_CREDIT_CARD_DETAIL: _
WINDOW_SET_AUTOFILL_CREDIT_CARD_DETAIL: _,
WINDOW_SET_BLOCKED_RUN_INSECURE_CONTENT: _
}

module.exports = mapValuesByKeys(windowConstants)
4 changes: 0 additions & 4 deletions js/data/siteHacks.js
Expand Up @@ -35,7 +35,6 @@ module.exports = {
},
// For links like: https://player.twitch.tv/?channel=iwilldominate
'player.twitch.tv': {
allowRunningInsecureContent: true,
enableForAll: true
},
'www.wired.com': {
Expand All @@ -61,9 +60,6 @@ module.exports = {
};
})();`
},
'www.twitch.tv': {
allowRunningInsecureContent: true
},
'imasdk.googleapis.com': {
enableForAdblock: true,
onBeforeRequest: function (details) {
8 changes: 8 additions & 0 deletions js/state/contentSettings.js
Expand Up @@ -112,6 +112,10 @@ const getContentSettingsFromSiteSettings = (appState) => {
flashActive: [{
setting: 'block',
primaryPattern: '*'
}],
runInsecureContent: [{
setting: 'block',
Collaborator


this is where the site hacks should go for running insecure content

primaryPattern: '*'
}]
}

Expand All @@ -124,6 +128,10 @@ const getContentSettingsFromSiteSettings = (appState) => {
addContentSettings(contentSettings.javascript, hostPattern, '*',
hostSetting.noScript ? 'block' : 'allow')
}
if (typeof hostSetting.runInsecureContent === 'boolean') {
addContentSettings(contentSettings.runInsecureContent, hostPattern, '*',
hostSetting.runInsecureContent ? 'allow' : 'block')
}
if (hostSetting.cookieControl) {
if (hostSetting.cookieControl === 'block3rdPartyCookie') {
addContentSettings(contentSettings.cookies, hostPattern, '*', 'block')
15 changes: 15 additions & 0 deletions js/stores/windowStore.js
Expand Up @@ -742,6 +742,10 @@ const doAction = (action) => {
windowState = windowState.setIn(path.concat(['security', 'isSecure']),
action.securityState.secure)
}
if (action.securityState.runInsecureContent !== undefined) {
windowState = windowState.setIn(path.concat(['security', 'runInsecureContent']),
action.securityState.runInsecureContent)
}
if (action.securityState.certDetails) {
windowState = windowState.setIn(path.concat(['security', 'certDetails']),
action.securityState.certDetails)
Expand All @@ -763,6 +767,17 @@ const doAction = (action) => {
history: addToHistory(action.frameProps)
})
break
case WindowConstants.WINDOW_SET_BLOCKED_RUN_INSECURE_CONTENT:
const blockedRunInsecureContentPath =
['frames', FrameStateUtil.getFramePropsIndex(windowState.get('frames'), action.frameProps)]
if (action.source) {
windowState =
windowState.setIn(blockedRunInsecureContentPath.concat(['security', 'blockedRunInsecureContent']), action.source)
} else {
windowState =
windowState.deleteIn(blockedRunInsecureContentPath.concat(['security', 'blockedRunInsecureContent']))
}
break
default:
}

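Review bot: The new `WINDOW_SET_BLOCKED_RUN_INSECURE_CONTENT` case uses the result of `FrameStateUtil.getFramePropsIndex(...)` as a path element without checking that the frame was found. The block event arrives from the webview and the frame may already be closed by then; if the helper returns -1 for a missing frame (not visible here), Immutable's negative List indexing would write `blockedRunInsecureContent` onto the last frame instead, showing the allow button on an unrelated page. Computing the index first and guarding with `if (frameIndex === -1) break` before building the path avoids that. The `const` is also declared directly in the `case` clause, which scopes it to the whole `switch`; wrapping the case body in `{ }` keeps it local.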
4 changes: 2 additions & 2 deletions less/navigationBar.less
Expand Up @@ -384,14 +384,14 @@
min-width: 16px;

&.fa-lock,
&.fa-unlock-alt {
&.fa-unlock {
margin-top: 4px;
font-size: 16px;
min-height: 10px;
min-width: 16px;
}

&.fa-unlock-alt {
&.fa-unlock {
color: @gray;
}

56 changes: 55 additions & 1 deletion test/components/navigationBarTest.js
Expand Up @@ -2,7 +2,7 @@

const Brave = require('../lib/brave')
const config = require('../../js/constants/config')
const {urlBarSuggestions, urlInput, activeWebview, activeTabFavicon, activeTab, navigatorLoadTime, navigator, titleBar, urlbarIcon, bookmarksToolbar, navigatorNotBookmarked, navigatorBookmarked, saveButton} = require('../lib/selectors')
const {urlBarSuggestions, urlInput, activeWebview, activeTabFavicon, activeTab, navigatorLoadTime, navigator, titleBar, urlbarIcon, bookmarksToolbar, navigatorNotBookmarked, navigatorBookmarked, saveButton, allowRunInsecureContentButton} = require('../lib/selectors')
const urlParse = require('url').parse
const assert = require('assert')
const settings = require('../../js/constants/settings')
Expand Down Expand Up @@ -247,6 +247,10 @@ describe('navigationBar', function () {
.getAttribute(urlbarIcon, 'class').then((classes) =>
classes.includes('fa-unlock')
))
.windowByUrl(Brave.browserWindowUrl)
.click(urlbarIcon)
.waitForVisible('[data-l10n-id="insecureConnection"]')
.keys('\uE00C')
})
it('Shows secure URL icon', function * () {
const page1Url = 'https://badssl.com/'
Expand All @@ -258,6 +262,10 @@ describe('navigationBar', function () {
this.app.client.getAttribute(urlbarIcon, 'class').then((classes) =>
classes.includes('fa-lock')
))
.windowByUrl(Brave.browserWindowUrl)
.click(urlbarIcon)
.waitForVisible('[data-l10n-id="secureConnection"]')
.keys('\uE00C')
})
it('Blocks active mixed content', function * () {
const page1Url = 'https://mixed-script.badssl.com/'
Expand All @@ -272,6 +280,52 @@ describe('navigationBar', function () {
color.value === 'rgba(128,128,128,1)'
)
})
.windowByUrl(Brave.browserWindowUrl)
.waitForExist(urlbarIcon)
.waitUntil(() =>
this.app.client.getAttribute(urlbarIcon, 'class').then((classes) =>
classes.includes('fa-lock')
))
.windowByUrl(Brave.browserWindowUrl)
.click(urlbarIcon)
.waitForVisible('[data-l10n-id="secureConnection"]')
.keys('\uE00C')
})
it('Temporarily allow active mixed content', function * () {
const page1Url = 'https://mixed-script.badssl.com/'
yield this.app.client.tabByUrl(Brave.newTabUrl)
.url(page1Url)
.waitUntil(() => {
return this.app.client.execute(() => document.readyState).then((ret) =>
ret.value === 'complete'
)
}).waitUntil(() => {
return this.app.client.getCssProperty('body', 'background-color').then((color) =>
color.value === 'rgba(128,128,128,1)'
)
})
.windowByUrl(Brave.browserWindowUrl)
.click(urlbarIcon)
.windowByUrl(Brave.browserWindowUrl)
.waitForVisible(allowRunInsecureContentButton)
.click(allowRunInsecureContentButton)
.tabByUrl(this.page1Url)
.waitUntil(() => {
return this.app.client.execute(() => document.readyState).then((ret) =>
ret.value === 'complete'
)
}).waitUntil(() => {
return this.app.client.getCssProperty('body', 'background-color').then((color) =>
color.value === 'rgba(255,0,0,1)'
)
})
.windowByUrl(Brave.browserWindowUrl)
.click(urlbarIcon)
.getAttribute(urlbarIcon, 'class').then((classes) =>
classes.includes('fa-unlock')
)
.waitForVisible('[data-l10n-id="mixedConnection"]')
.keys('\uE00C')
})
})

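Review bot: In 'Temporarily allow active mixed content' the chain calls `.tabByUrl(this.page1Url)`, but the URL is the local `const page1Url`, so `this.page1Url` is `undefined` and the lookup does not target the reloaded page; it should be `.tabByUrl(page1Url)`. Near the end, `.getAttribute(urlbarIcon, 'class').then((classes) => classes.includes('fa-unlock'))` computes a boolean that nothing asserts, so the test passes whichever icon is shown; wrapping it in `waitUntil`, as the earlier cases in this file do, makes it a real check. The exception granted here also stays in site settings for the rest of the run, so it should be reset afterwards or later cases against the same origin may no longer see blocking. A case that restarts the app and confirms the content is blocked again would cover the sessionStore change.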
3 changes: 2 additions & 1 deletion test/lib/selectors.js
Expand Up @@ -60,5 +60,6 @@ module.exports = {
paymentHistoryButton: '.paymentHistoryButton',
paymentsWelcomePage: '.paymentsMessage',
autofillAddressPanel: '.autofillAddressPanel',
autofillCreditCardPanel: '.autofillCreditCardPanel'
autofillCreditCardPanel: '.autofillCreditCardPanel',
allowRunInsecureContentButton: '.allowRunInsecureContentButton'
}