diff --git a/components/net/about_loader.rs b/components/net/about_loader.rs index ec6865e131a2..5fbaaa686f6b 100644 --- a/components/net/about_loader.rs +++ b/components/net/about_loader.rs @@ -8,6 +8,7 @@ use hyper::http::RawStatus; use hyper::mime::{Mime, SubLevel, TopLevel}; use mime_classifier::MIMEClassifier; use net_traits::ProgressMsg::Done; +use net_traits::response::HttpsState; use net_traits::{LoadConsumer, LoadData, Metadata}; use resource_thread::{CancellationListener, send_error, start_sending_sniffed_opt}; use std::sync::Arc; @@ -28,6 +29,7 @@ pub fn factory(mut load_data: LoadData, charset: Some("utf-8".to_owned()), headers: None, status: Some(RawStatus(200, "OK".into())), + https_state: HttpsState::None, }; if let Ok(chan) = start_sending_sniffed_opt(start_chan, metadata, diff --git a/components/net/http_loader.rs b/components/net/http_loader.rs index 64c732446dbb..e21ade1b2ade 100644 --- a/components/net/http_loader.rs +++ b/components/net/http_loader.rs @@ -26,6 +26,7 @@ use mime_classifier::MIMEClassifier; use msg::constellation_msg::{PipelineId}; use net_traits::ProgressMsg::{Done, Payload}; use net_traits::hosts::replace_hosts; +use net_traits::response::HttpsState; use net_traits::{CookieSource, IncludeSubdomains, LoadConsumer, LoadContext, LoadData, Metadata}; use openssl::ssl::error::{SslError, OpensslError}; use openssl::ssl::{SSL_OP_NO_SSLV2, SSL_OP_NO_SSLV3, SSL_VERIFY_PEER, SslContext, SslMethod}; @@ -769,6 +770,11 @@ pub fn load(load_data: LoadData, }); metadata.headers = Some(adjusted_headers); metadata.status = Some(response.status_raw().clone()); + metadata.https_state = if doc_url.scheme == "https" { + HttpsState::Modern + } else { + HttpsState::None + }; // --- Tell devtools that we got a response // Send an HttpResponse message to devtools with the corresponding request_id diff --git a/components/net_traits/lib.rs b/components/net_traits/lib.rs index 45d01a9818df..bf9a168a1bf8 100644 --- a/components/net_traits/lib.rs +++ b/components/net_traits/lib.rs @@ -312,6 +312,9 @@ pub struct Metadata { #[ignore_heap_size_of = "Defined in hyper"] /// HTTP Status pub status: Option, + + /// Is successful HTTPS connection + pub https_state: response::HttpsState, } impl Metadata { @@ -324,6 +327,7 @@ impl Metadata { headers: None, // https://fetch.spec.whatwg.org/#concept-response-status-message status: Some(RawStatus(200, "OK".into())), + https_state: response::HttpsState::None, } } diff --git a/components/net_traits/response.rs b/components/net_traits/response.rs index b2e73ec371eb..25eeedb42526 100644 --- a/components/net_traits/response.rs +++ b/components/net_traits/response.rs @@ -48,7 +48,7 @@ pub enum CacheState { } /// [Https state](https://fetch.spec.whatwg.org/#concept-response-https-state) -#[derive(Clone)] +#[derive(Clone, Copy, HeapSizeOf, Deserialize, Serialize)] pub enum HttpsState { None, Deprecated, diff --git a/components/script/dom/bindings/trace.rs b/components/script/dom/bindings/trace.rs index 1362731339ad..6794f803a10e 100644 --- a/components/script/dom/bindings/trace.rs +++ b/components/script/dom/bindings/trace.rs @@ -60,6 +60,7 @@ use msg::constellation_msg::{PipelineId, SubpageId, WindowSizeData}; use net_traits::Metadata; use net_traits::image::base::{Image, ImageMetadata}; use net_traits::image_cache_thread::{ImageCacheChan, ImageCacheThread}; +use net_traits::response::HttpsState; use net_traits::storage_thread::StorageType; use profile_traits::mem::ProfilerChan as MemProfilerChan; use profile_traits::time::ProfilerChan as TimeProfilerChan; @@ -299,6 +300,7 @@ no_jsmanaged_fields!(Mime); no_jsmanaged_fields!(AttrIdentifier); no_jsmanaged_fields!(AttrValue); no_jsmanaged_fields!(ElementSnapshot); +no_jsmanaged_fields!(HttpsState); impl JSTraceable for ConstellationChan { #[inline] diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs index 487b93a01f34..dc648142a512 100644 --- a/components/script/dom/document.rs +++ b/components/script/dom/document.rs @@ -84,6 +84,7 @@ use msg::constellation_msg::{ConstellationChan, Key, KeyModifiers, KeyState}; use msg::constellation_msg::{PipelineId, SubpageId}; use net_traits::ControlMsg::{GetCookiesForUrl, SetCookiesForUrl}; use net_traits::CookieSource::NonHTTP; +use net_traits::response::HttpsState; use net_traits::{AsyncResponseTarget, PendingAsyncLoad}; use num::ToPrimitive; use script_thread::{MainThreadScriptMsg, Runnable}; @@ -204,6 +205,8 @@ pub struct Document { dom_complete: Cell, /// Vector to store CSS errors css_errors_store: DOMRefCell>, + /// https://html.spec.whatwg.org/multipage/#concept-document-https-state + https_state: Cell, } #[derive(JSTraceable, HeapSizeOf)] @@ -289,6 +292,11 @@ impl Document { self.is_html_document } + pub fn set_https_state(&self, https_state: HttpsState) { + self.https_state.set(https_state); + self.trigger_mozbrowser_event(MozBrowserEvent::SecurityChange(https_state)); + } + pub fn report_css_error(&self, css_error: CSSError) { self.css_errors_store.borrow_mut().push(css_error); } @@ -1523,6 +1531,7 @@ impl Document { dom_content_loaded_event_end: Cell::new(Default::default()), dom_complete: Cell::new(Default::default()), css_errors_store: DOMRefCell::new(vec![]), + https_state: Cell::new(HttpsState::None), } } diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index 80787b18c5eb..2221147ecad0 100644 --- a/components/script/dom/htmliframeelement.rs +++ b/components/script/dom/htmliframeelement.rs @@ -4,6 +4,7 @@ use dom::attr::{Attr, AttrValue}; use dom::bindings::codegen::Bindings::BrowserElementBinding::BrowserElementIconChangeEventDetail; +use dom::bindings::codegen::Bindings::BrowserElementBinding::BrowserElementSecurityChangeDetail; use dom::bindings::codegen::Bindings::BrowserElementBinding::BrowserShowModalPromptEventDetail; use dom::bindings::codegen::Bindings::HTMLIFrameElementBinding; use dom::bindings::codegen::Bindings::HTMLIFrameElementBinding::HTMLIFrameElementMethods; @@ -29,6 +30,7 @@ use js::jsval::{UndefinedValue, NullValue}; use layout_interface::ReflowQueryType; use msg::constellation_msg::{ConstellationChan}; use msg::constellation_msg::{NavigationDirection, PipelineId, SubpageId}; +use net_traits::response::HttpsState; use page::IterablePage; use script_traits::IFrameSandboxState::{IFrameSandboxed, IFrameUnsandboxed}; use script_traits::{IFrameLoadInfo, MozBrowserEvent, ScriptMsg as ConstellationMsg}; @@ -275,10 +277,26 @@ impl MozBrowserEventDetailBuilder for HTMLIFrameElement { match event { MozBrowserEvent::AsyncScroll | MozBrowserEvent::Close | MozBrowserEvent::ContextMenu | MozBrowserEvent::Error | MozBrowserEvent::LoadEnd | MozBrowserEvent::LoadStart | - MozBrowserEvent::OpenWindow | MozBrowserEvent::SecurityChange | MozBrowserEvent::OpenSearch | + MozBrowserEvent::OpenWindow | MozBrowserEvent::OpenSearch | MozBrowserEvent::UsernameAndPasswordRequired => { rval.set(NullValue()); } + MozBrowserEvent::SecurityChange(https_state) => { + BrowserElementSecurityChangeDetail { + // https://developer.mozilla.org/en-US/docs/Web/Events/mozbrowsersecuritychange + state: Some(DOMString::from(match https_state { + HttpsState::Modern => "secure", + HttpsState::Deprecated => "broken", + HttpsState::None => "insecure", + }.to_owned())), + // FIXME - Not supported yet: + trackingContent: None, + mixedContent: None, + trackingState: None, + extendedValidation: None, + mixedState: None, + }.to_jsval(cx, rval); + } MozBrowserEvent::LocationChange(ref string) | MozBrowserEvent::TitleChange(ref string) => { string.to_jsval(cx, rval); } diff --git a/components/script/dom/webidls/BrowserElement.webidl b/components/script/dom/webidls/BrowserElement.webidl index ecd9df12e66d..33f1fa6fd5e9 100644 --- a/components/script/dom/webidls/BrowserElement.webidl +++ b/components/script/dom/webidls/BrowserElement.webidl @@ -24,6 +24,36 @@ callback BrowserElementNextPaintEventCallback = void (); interface BrowserElement { }; +dictionary BrowserElementSecurityChangeDetail { + + // state: + // "insecure" indicates that the data corresponding to + // the request was received over an insecure channel. + // + // "broken" indicates an unknown security state. This + // may mean that the request is being loaded as part + // of a page in which some content was received over + // an insecure channel. + // + // "secure" indicates that the data corresponding to the + // request was received over a secure channel. + DOMString state; + + // trackingState: + // "loaded_tracking_content": tracking content has been loaded. + // "blocked_tracking_content": tracking content has been blocked from loading. + DOMString trackingState; + + // mixedState: + // "blocked_mixed_active_content": Mixed active content has been blocked from loading. + // "loaded_mixed_active_content": Mixed active content has been loaded. + DOMString mixedState; + + boolean extendedValidation; + boolean trackingContent; + boolean mixedContent; +}; + dictionary BrowserElementIconChangeEventDetail { DOMString rel; DOMString href; diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs index 4cae85da9ba2..ef1a04e16821 100644 --- a/components/script/script_thread.rs +++ b/components/script/script_thread.rs @@ -1878,6 +1878,8 @@ impl ScriptThread { DOMString::new() }; + document.set_https_state(metadata.https_state); + match metadata.content_type { Some(ContentType(Mime(TopLevel::Text, SubLevel::Xml, _))) => { parse_xml(document.r(), diff --git a/components/script_traits/lib.rs b/components/script_traits/lib.rs index 83761f200907..1aede1f6a30e 100644 --- a/components/script_traits/lib.rs +++ b/components/script_traits/lib.rs @@ -46,6 +46,7 @@ use msg::constellation_msg::{PipelineNamespaceId, SubpageId}; use msg::webdriver_msg::WebDriverScriptCommand; use net_traits::ResourceThread; use net_traits::image_cache_thread::ImageCacheThread; +use net_traits::response::HttpsState; use net_traits::storage_thread::StorageThread; use profile_traits::mem; use std::any::Any; @@ -423,7 +424,7 @@ pub enum MozBrowserEvent { /// Sent when window.open() is called within a browser `