author | Quentin Rameau <quinq@fifth.space> | 2016-07-08 18:27:07 +0200 |
---|---|---|
committer | Quentin Rameau <quinq@fifth.space> | 2017-04-19 17:41:23 +0200 |
commit | 0247e91b0067c715b19dedd7a3012624ee61576a (patch) | |
tree | d1dcc6d9af6edc935beeb16622c9f8ad5b7aba3c | |
parent | 2355c20e92d6f47100323e3394d565f8e8bf70dc (diff) | |
Set strict ssl by default and handle insecure content
Non-https content in https pages is now handled separately from https
connection establishment.
-rw-r--r-- | config.def.h | 2 | ||||
-rw-r--r-- | surf.c | 29 |
2 files changed, 20 insertions, 11 deletions
diff --git a/config.def.h b/config.def.h
index 0ade76e..fca81c3 100644
--- a/config.def.h
+++ b/config.def.h
@@ -30,7 +30,7 @@ static Parameter defconfig[ParameterLast] = {
 SETB(SiteQuirks, 1),
 SETB(SpellChecking, 0),
 SETV(SpellLanguages, ((char *[]){ "en_US", NULL })),
- SETB(StrictSSL, 0),
+ SETB(StrictSSL, 1),
 SETB(Style, 1),
 SETF(ZoomLevel, 1.0),
 };
@@ -104,9 +104,9 @@ typedef struct Client {
 WebKitWebInspector *inspector;
 WebKitFindController *finder;
 WebKitHitTestResult *mousepos;
- GTlsCertificateFlags tlsflags;
+ GTlsCertificateFlags tlserr;
 Window xid;
- int progress, fullscreen;
+ int progress, fullscreen, https, insecure;
 const char *title, *overtitle, *targeturi;
 const char *needle;
 struct Client *next;
@@ -196,6 +196,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolicyDecision *d,
 static void decidenavigation(WebKitPolicyDecision *d, Client *c);
 static void decidenewwindow(WebKitPolicyDecision *d, Client *c);
 static void decideresource(WebKitPolicyDecision *d, Client *c);
+static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e,
+ Client *c);
 static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d,
 Client *c);
 static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c);
@@ -452,7 +454,6 @@ newclient(Client *rc)
 clients = c;
 c->progress = 100;
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
 c->view = newview(c, rc ? rc->view : NULL);
 return c;
@@ -574,8 +575,10 @@ gettogglestats(Client *c)
 void
 getpagestats(Client *c)
 {
- pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' :
- c->tlsflags > 0 ? 'U' : 'T';
+ if (c->https)
+ pagestats[0] = (c->tlserr || c->insecure) ? 'U' : 'T';
+ else
+ pagestats[0] = '-';
 pagestats[1] = '\0';
 }
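Review bot: In getpagestats the new `if (c->https)` branch reads `c->https`, `c->tlserr` and `c->insecure`, but the newclient hunk removes the only explicit initialisation of the TLS state and adds none for the new fields. The Client allocation is outside the visible hunks, so this is sound only if the struct is zero-filled there; that is worth confirming, since an uninitialised `https` could show 'T' for a view that has not loaded anything yet. 'U' now covers both certificate errors and mixed content, so a comment above the `if` would help: `/* '-' no TLS, 'T' TLS without errors, 'U' certificate errors or insecure content on a TLS page */`.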
@@ -1006,6 +1009,8 @@ newview(Client *c, WebKitWebView *rv)
 G_CALLBACK(createview), c);
 g_signal_connect(G_OBJECT(v), "decide-policy",
 G_CALLBACK(decidepolicy), c);
+ g_signal_connect(G_OBJECT(v), "insecure-content-detected",
+ G_CALLBACK(insecurecontent), c);
 g_signal_connect(G_OBJECT(v), "load-changed",
 G_CALLBACK(loadchanged), c);
 g_signal_connect(G_OBJECT(v), "mouse-target-changed",
@@ -1227,7 +1232,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
 curconfig = defconfig;
 setatom(c, AtomUri, title);
 c->title = title;
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
+ c->https = c->insecure = 0;
 seturiparameters(c, geturi(c));
 break;
 case WEBKIT_LOAD_REDIRECTED:
@@ -1236,10 +1241,8 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
 seturiparameters(c, geturi(c));
 break;
 case WEBKIT_LOAD_COMMITTED:
- if (!webkit_web_view_get_tls_info(c->view, NULL,
- &(c->tlsflags)))
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
-
+ c->https = webkit_web_view_get_tls_info(c->view, NULL,
+ &c->tlserr);
 break;
 case WEBKIT_LOAD_FINISHED:
 /* Disabled until we write some WebKitWebExtension for
@@ -1427,6 +1430,12 @@ decideresource(WebKitPolicyDecision *d, Client *c)
 }
 void
+insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, Client *c)
+{
+ c->insecure = 1;
+}
+
+void
 downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c)
 {
 g_signal_connect(G_OBJECT(d), "notify::response", |
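Review bot: In the WEBKIT_LOAD_STARTED case only `https` and `insecure` are reset, so `c->tlserr` keeps the previous page's certificate flags until WEBKIT_LOAD_COMMITTED; whether webkit_web_view_get_tls_info() overwrites its out-parameter when it returns FALSE is not visible here, so the stale value may survive a plain-http load as well. getpagestats guards the read with `c->https`, so the indicator is not affected today, but any later reader of `tlserr` would see errors that belong to another page. Clearing it with the other two fields, `c->https = c->insecure = 0; c->tlserr = 0;`, keeps the three consistent. loadchanged begins and ends outside both of its hunks.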
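Review bot: insecurecontent ignores its `e` argument, so passively displayed mixed content and actively run mixed content are both recorded as the same `c->insecure = 1`. WebKitInsecureContentEvent distinguishes WEBKIT_INSECURE_CONTENT_RUN from WEBKIT_INSECURE_CONTENT_DISPLAYED, and the run case is the more serious one because it lets content fetched over plain http change the behaviour of the https page, so it may deserve its own state or indicator. The handler also only records the event; nothing visible in this hunk refreshes the status display, so the 'U' marker presumably appears only on the next title update. At minimum document the choice, e.g. `/* e (run vs. displayed) is deliberately ignored: any mixed content marks the page untrusted */`.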