Merge pull request #5556 from brave/fix/5524

Show passive mixed content as secure
brave · Nov 11, 2016 · ede26c3 · ede26c3
2 parents 874365a + ec9ea64
commit ede26c3
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 6 deletions.
diff --git a/js/components/frame.js b/js/components/frame.js
@@ -995,16 +995,20 @@ class Frame extends ImmutableComponent {
         windowActions.setNavigated(this.webview.getURL(), this.props.frameKey, true, this.frame.get('tabId'))
       }
     }
-    this.webview.addEventListener('did-change-security', (e) => {
+    this.webview.addEventListener('security-style-changed', (e) => {
       let isSecure = null
-      let runInsecureContent = false
-      if (e.securityState === 'secure' || e.securityState === 'warning') {
+      let runInsecureContent = this.runInsecureContent()
+      // 'warning' and 'passive mixed content' should never upgrade the
+      // security state from insecure to secure
+      if (e.securityState === 'secure' ||
+          (this.props.isSecure !== false &&
+           runInsecureContent !== true &&
+           ['warning', 'passive-mixed-content'].includes(e.securityState))) {
         isSecure = true
-        runInsecureContent = this.runInsecureContent()
-      } else if (e.securityState === 'insecure' || e.securityState === 'unknown') {
+      } else if (['broken', 'insecure'].includes(e.securityState)) {
         isSecure = false
       }
-      // TODO: handle 'warning' security state
+      // TODO: show intermediate UI for 'warning' and 'passive-mixed-content'
       windowActions.setSecurityState(this.frame, {
         secure: isSecure,
         runInsecureContent

diff --git a/js/components/main.js b/js/components/main.js
@@ -1213,6 +1213,7 @@ class Main extends ImmutableComponent {
                         .includes(siteTags.BOOKMARK_FOLDER)) || emptyMap
                   : null}
                 isFullScreen={frame.get('isFullScreen')}
+                isSecure={frame.getIn(['security', 'isSecure'])}
                 showFullScreenWarning={frame.get('showFullScreenWarning')}
                 findbarShown={frame.get('findbarShown')}
                 findDetail={frame.get('findDetail')}

diff --git a/test/components/navigationBarTest.js b/test/components/navigationBarTest.js
@@ -396,6 +396,18 @@ describe('navigationBar', function () {
           assert(!classes.includes('fa-lock'))
         )
     })
+    it('shows secure icon on a site with passive mixed content', function * () {
+      const page1Url = 'https://mixed.badssl.com/'
+      yield this.app.client.tabByUrl(Brave.newTabUrl).url(page1Url).waitForUrl(page1Url).windowParentByUrl(page1Url)
+      yield this.app.client
+        .moveToObject(navigator)
+        .waitForExist(urlbarIcon)
+        .waitUntil(() =>
+          this.app.client.getAttribute(urlbarIcon, 'class').then((classes) =>
+            classes.includes('fa-lock')
+          )
+        )
+    })
     it('Blocks running insecure content', function * () {
       const page1Url = 'https://mixed-script.badssl.com/'
       yield this.app.client.tabByUrl(Brave.newTabUrl)