1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_PAGE_INFO_PAGE_INFO_H_
6 #define COMPONENTS_PAGE_INFO_PAGE_INFO_H_
11 #include "base/gtest_prod_util.h"
12 #include "base/memory/raw_ptr.h"
13 #include "base/time/time.h"
14 #include "build/build_config.h"
15 #include "components/content_settings/browser/ui/cookie_controls_controller.h"
16 #include "components/content_settings/browser/ui/cookie_controls_view.h"
17 #include "components/content_settings/core/common/content_settings.h"
18 #include "components/content_settings/core/common/content_settings_types.h"
19 #include "components/safe_browsing/buildflags.h"
20 #include "components/security_state/core/security_state.h"
21 #include "content/public/browser/web_contents.h"
23 namespace content_settings {
24 class PageSpecificContentSettings;
28 class X509Certificate;
31 namespace permissions {
32 class ObjectPermissionContextBase;
40 class HostContentSettingsMap;
41 class PageInfoDelegate;
44 // The |PageInfo| provides information about a website's permissions,
45 // connection state and its identity. It owns a UI that displays the
46 // information and allows users to change the permissions. |PageInfo|
47 // objects must be created on the heap. They destroy themselves after the UI is
49 class PageInfo : private content_settings::CookieControlsView {
51 // Status of a connection to a website.
52 enum SiteConnectionStatus {
53 SITE_CONNECTION_STATUS_UNKNOWN = 0, // No status available.
54 SITE_CONNECTION_STATUS_ENCRYPTED, // Connection is encrypted.
55 SITE_CONNECTION_STATUS_INSECURE_PASSIVE_SUBRESOURCE, // Non-secure passive
57 SITE_CONNECTION_STATUS_INSECURE_FORM_ACTION, // Non-secure form
59 SITE_CONNECTION_STATUS_INSECURE_ACTIVE_SUBRESOURCE, // Non-secure active
61 SITE_CONNECTION_STATUS_UNENCRYPTED, // Connection is not encrypted.
62 SITE_CONNECTION_STATUS_ENCRYPTED_ERROR, // Connection error occurred.
63 SITE_CONNECTION_STATUS_INTERNAL_PAGE, // Internal site.
66 // Validation status of a website's identity.
67 enum SiteIdentityStatus {
68 // No status about the website's identity available.
69 SITE_IDENTITY_STATUS_UNKNOWN = 0,
70 // The website provided a valid certificate.
71 SITE_IDENTITY_STATUS_CERT,
72 // The website provided a valid EV certificate.
73 SITE_IDENTITY_STATUS_EV_CERT,
74 // Site identity could not be verified because the site did not provide a
75 // certificate. This is the expected state for HTTP connections.
76 SITE_IDENTITY_STATUS_NO_CERT,
77 // An error occured while verifying the site identity.
78 SITE_IDENTITY_STATUS_ERROR,
79 // The site is a trusted internal chrome page.
80 SITE_IDENTITY_STATUS_INTERNAL_PAGE,
81 // The profile has accessed data using an administrator-provided
82 // certificate, so the administrator might be able to intercept data.
83 SITE_IDENTITY_STATUS_ADMIN_PROVIDED_CERT,
84 // The website provided a valid certificate, but the certificate or chain
85 // is using a deprecated signature algorithm.
86 SITE_IDENTITY_STATUS_DEPRECATED_SIGNATURE_ALGORITHM,
89 // Safe Browsing status of a website.
90 enum SafeBrowsingStatus {
91 SAFE_BROWSING_STATUS_NONE = 0,
92 // The website has been flagged by Safe Browsing as dangerous for
93 // containing malware, social engineering, unwanted software, or password
94 // reuse on a low reputation site.
95 SAFE_BROWSING_STATUS_MALWARE,
96 SAFE_BROWSING_STATUS_SOCIAL_ENGINEERING,
97 SAFE_BROWSING_STATUS_UNWANTED_SOFTWARE,
98 SAFE_BROWSING_STATUS_SAVED_PASSWORD_REUSE,
99 SAFE_BROWSING_STATUS_SIGNED_IN_SYNC_PASSWORD_REUSE,
100 SAFE_BROWSING_STATUS_SIGNED_IN_NON_SYNC_PASSWORD_REUSE,
101 SAFE_BROWSING_STATUS_ENTERPRISE_PASSWORD_REUSE,
102 SAFE_BROWSING_STATUS_BILLING,
105 // Events for UMA. Do not reorder or change! Exposed in header so enum is
106 // accessible from test.
107 enum SSLCertificateDecisionsDidRevoke {
108 USER_CERT_DECISIONS_NOT_REVOKED = 0,
109 USER_CERT_DECISIONS_REVOKED = 1,
110 END_OF_SSL_CERTIFICATE_DECISIONS_DID_REVOKE_ENUM
113 // UMA statistics for PageInfo. Do not reorder or remove existing
114 // fields. A Java counterpart will be generated for this enum.
115 // GENERATED_JAVA_ENUM_PACKAGE: org.chromium.components.page_info
116 // All values here should have corresponding entries in
117 // WebsiteSettingsAction area of enums.xml.
118 enum PageInfoAction {
119 PAGE_INFO_OPENED = 0,
120 // No longer used; indicated actions for the old version of Page Info that
121 // had a "Permissions" tab and a "Connection" tab.
122 // PAGE_INFO_PERMISSIONS_TAB_SELECTED = 1,
123 // PAGE_INFO_CONNECTION_TAB_SELECTED = 2,
124 // PAGE_INFO_CONNECTION_TAB_SHOWN_IMMEDIATELY = 3,
125 PAGE_INFO_COOKIES_DIALOG_OPENED = 4,
126 PAGE_INFO_CHANGED_PERMISSION = 5,
127 PAGE_INFO_CERTIFICATE_DIALOG_OPENED = 6,
128 // No longer used; indicated a UI viewer for SCTs.
129 // PAGE_INFO_TRANSPARENCY_VIEWER_OPENED = 7,
130 PAGE_INFO_CONNECTION_HELP_OPENED = 8,
131 PAGE_INFO_SITE_SETTINGS_OPENED = 9,
132 PAGE_INFO_SECURITY_DETAILS_OPENED = 10,
133 PAGE_INFO_COOKIES_ALLOWED_FOR_SITE = 11,
134 PAGE_INFO_COOKIES_BLOCKED_FOR_SITE = 12,
135 PAGE_INFO_COOKIES_CLEARED = 13,
136 PAGE_INFO_PERMISSION_DIALOG_OPENED = 14,
137 PAGE_INFO_PERMISSIONS_CLEARED = 15,
138 // No longer used; indicated permission change but was a duplicate metric.
139 // PAGE_INFO_PERMISSIONS_CHANGED = 16,
140 PAGE_INFO_FORGET_SITE_OPENED = 17,
141 PAGE_INFO_FORGET_SITE_CLEARED = 18,
142 PAGE_INFO_HISTORY_OPENED = 19,
143 PAGE_INFO_HISTORY_ENTRY_REMOVED = 20,
144 PAGE_INFO_HISTORY_ENTRY_CLICKED = 21,
145 PAGE_INFO_PASSWORD_REUSE_ALLOWED = 22,
146 PAGE_INFO_CHANGE_PASSWORD_PRESSED = 23,
147 PAGE_INFO_SAFETY_TIP_HELP_OPENED = 24,
148 PAGE_INFO_CHOOSER_OBJECT_DELETED = 25,
149 PAGE_INFO_RESET_DECISIONS_CLICKED = 26,
150 PAGE_INFO_STORE_INFO_CLICKED = 27,
151 PAGE_INFO_ABOUT_THIS_SITE_PAGE_OPENED = 28,
152 PAGE_INFO_ABOUT_THIS_SITE_SOURCE_LINK_CLICKED = 29,
153 PAGE_INFO_AD_PERSONALIZATION_PAGE_OPENED = 30,
154 PAGE_INFO_AD_PERSONALIZATION_SETTINGS_OPENED = 31,
155 PAGE_INFO_ABOUT_THIS_SITE_MORE_ABOUT_CLICKED = 32,
156 PAGE_INFO_COOKIES_PAGE_OPENED = 33,
157 PAGE_INFO_COOKIES_SETTINGS_OPENED = 34,
158 PAGE_INFO_ALL_SITES_WITH_FPS_FILTER_OPENED = 35,
159 kMaxValue = PAGE_INFO_ALL_SITES_WITH_FPS_FILTER_OPENED
162 struct ChooserUIInfo {
163 ContentSettingsType content_settings_type;
164 int description_string_id;
165 int allowed_by_policy_description_string_id;
166 int delete_tooltip_string_id;
169 // |PermissionInfo| contains information about a single permission |type| for
170 // the current website.
171 struct PermissionInfo {
172 PermissionInfo() = default;
173 // Site permission |type|.
174 ContentSettingsType type = ContentSettingsType::DEFAULT;
175 // The current value for the permission |type| (e.g. ALLOW or BLOCK).
176 ContentSetting setting = CONTENT_SETTING_DEFAULT;
177 // The global default settings for this permission |type|.
178 ContentSetting default_setting = CONTENT_SETTING_DEFAULT;
179 // The settings source e.g. user, extensions, policy, ... .
180 content_settings::SettingSource source =
181 content_settings::SETTING_SOURCE_NONE;
182 bool is_one_time = false;
185 // Creates a PageInfo for the passed |url| using the given |ssl| status
186 // object to determine the status of the site's connection. Computes the UI
187 // inputs and records page info opened action. It is assumed that this is
188 // created when page info dialog is opened and destroyed when the dialog is
190 PageInfo(std::unique_ptr<PageInfoDelegate> delegate,
191 content::WebContents* web_contents,
194 PageInfo(const PageInfo&) = delete;
195 PageInfo& operator=(const PageInfo&) = delete;
197 ~PageInfo() override;
199 // Called when the third-party blocking toggle in the cookies subpage gets
201 void OnThirdPartyToggleClicked(bool block_third_party_cookies);
203 // Checks whether this permission is currently the factory default, as set by
204 // Chrome. Specifically, that the following three conditions are true:
205 // - The current active setting comes from the default or pref provider.
206 // - The setting is the factory default setting (as opposed to a global
207 // default setting set by the user).
208 // - The setting is a wildcard setting applying to all origins (which can
209 // only be set from the default provider).
210 static bool IsPermissionFactoryDefault(const PermissionInfo& info,
213 // Returns whether this page info is for an internal page.
214 static bool IsFileOrInternalPage(const GURL& url);
216 // Initializes the current UI and calls present data methods on it to notify
217 // the current UI about the data it is subscribed to.
218 void InitializeUiState(PageInfoUI* ui, base::OnceClosure done);
220 // This method is called to update the presenter's security state and forwards
221 // that change on to the UI to be redrawn.
222 void UpdateSecurityState();
224 void RecordPageInfoAction(PageInfoAction action);
226 void UpdatePermissions();
228 // This method is called when ever a permission setting is changed.
229 void OnSitePermissionChanged(ContentSettingsType type,
230 ContentSetting value,
233 // This method is called whenever access to an object is revoked.
234 void OnSiteChosenObjectDeleted(const ChooserUIInfo& ui_info,
235 const base::Value& object);
237 // This method is called by the UI when the UI is closing.
238 // If specified, |reload_prompt| is set to whether closing the UI resulted in
239 // a prompt to the user to reload the page.
240 void OnUIClosing(bool* reload_prompt);
242 // This method is called when the revoke SSL error bypass button is pressed.
243 void OnRevokeSSLErrorBypassButtonPressed();
245 // Handles opening the link to show more site settings and records the event.
246 void OpenSiteSettingsView();
248 // Handles opening the link to show cookies settings and records the event.
249 void OpenCookiesSettingsView();
251 // Handles opening the link to show all sites settings with a filter for
252 // current site's fps and records the event.
253 void OpenAllSitesViewFilteredToFps();
255 // Handles opening the cookies dialog and records the event.
256 void OpenCookiesDialog();
258 // Handles opening the certificate dialog and records the event.
259 void OpenCertificateDialog(net::X509Certificate* certificate);
261 // Handles opening the safery tip help center page.
262 void OpenSafetyTipHelpCenterPage();
264 // Handles opening the connection help center page and records the event.
265 void OpenConnectionHelpCenterPage(const ui::Event& event);
267 // Handles opening the settings page for a permission.
268 void OpenContentSettingsExceptions(ContentSettingsType content_settings_type);
270 // This method is called when the user pressed "Change password" button.
271 void OnChangePasswordButtonPressed();
273 // This method is called when the user pressed "Mark as legitimate" button.
274 void OnAllowlistPasswordReuseButtonPressed();
276 // Return a pointer to the ObjectPermissionContextBase corresponding to the
277 // content settings type, |type|. Returns nullptr for content settings
278 // for which there's no ObjectPermissionContextBase.
279 permissions::ObjectPermissionContextBase* GetChooserContextFromUIInfo(
280 const ChooserUIInfo& ui_info) const;
282 void SetAboutThisSiteShown(bool was_about_this_site_shown) {
283 was_about_this_site_shown_ = was_about_this_site_shown;
287 const SiteConnectionStatus& site_connection_status() const {
288 return site_connection_status_;
291 const GURL& site_url() const { return site_url_; }
293 const SiteIdentityStatus& site_identity_status() const {
294 return site_identity_status_;
297 const SafeBrowsingStatus& safe_browsing_status() const {
298 return safe_browsing_status_;
301 // Returns site origin in a concise and human-friendly way, without the
302 // HTTP/HTTPS scheme, the username and password, the path and trivial
304 std::u16string GetSimpleSiteName() const;
306 // For Isolated Web Apps the origin's host name is a non-human-readable string
307 // of characters, so instead of displaying the origin, the short name of the
308 // app will be displayed.
309 std::u16string GetSiteOriginOrAppNameToDisplay() const;
311 // Retrieves all the permissions that are shown in Page Info.
312 // Exposed for testing.
313 static std::vector<ContentSettingsType> GetAllPermissionsForTesting();
315 PageInfoUI* ui_for_testing() const { return ui_; }
317 void SetSiteNameForTesting(const std::u16string& site_name);
319 void SetIsolatedWebAppNameForTesting(
320 const std::u16string& isolated_web_app_name);
323 FRIEND_TEST_ALL_PREFIXES(PageInfoTest,
324 NonFactoryDefaultAndRecentlyChangedPermissionsShown);
325 FRIEND_TEST_ALL_PREFIXES(PageInfoTest, IncognitoPermissionsEmptyByDefault);
326 FRIEND_TEST_ALL_PREFIXES(PageInfoTest, IncognitoPermissionsDontShowAsk);
328 // CookieControlsView:
329 void OnStatusChanged(CookieControlsStatus status,
330 CookieControlsEnforcement enforcement,
332 int blocked_cookies) override;
333 void OnCookiesCountChanged(int allowed_cookies, int blocked_cookies) override;
335 // Populates this object's UI state with provided security context. This
336 // function does not update visible UI-- that's part of Present*().
337 void ComputeUIInputs(const GURL& url);
339 // Sets (presents) the information about the site's permissions in the |ui_|.
340 void PresentSitePermissions();
342 // Helper function which `PresentSiteData` calls after the ignored empty
343 // storage keys have been updated.
344 void PresentSiteDataInternal(base::OnceClosure done);
346 // Sets (presents) the information about the site's data in the |ui_|.
347 void PresentSiteData(base::OnceClosure done);
349 // Sets (presents) the information about the site's identity and connection
351 void PresentSiteIdentity();
353 // Presents feature related info in the |ui_|; like, if VR content is being
354 // presented in a headset.
355 void PresentPageFeatureInfo();
357 // Sets (presents) the information about ad personalization in the |ui_|.
358 void PresentAdPersonalizationData();
360 #if BUILDFLAG(FULL_SAFE_BROWSING)
361 // Records a password reuse event. If FULL_SAFE_BROWSING is defined, this
362 // function WILL record an event. Callers should check conditions beforehand.
363 void RecordPasswordReuseEvent();
366 // Helper function to get the |HostContentSettingsMap| associated with
368 HostContentSettingsMap* GetContentSettings() const;
370 // Helper function to get the Safe Browsing status and details by malicious
372 // TODO(jdeblasio): Eliminate this and just use MaliciousContentStatus?
373 void GetSafeBrowsingStatusByMaliciousContentStatus(
374 security_state::MaliciousContentStatus malicious_content_status,
375 PageInfo::SafeBrowsingStatus* status,
376 std::u16string* details);
378 // Returns PageSpecificContentSettings for the observed WebContents if
379 // present, nullptr otherwise.
380 content_settings::PageSpecificContentSettings*
381 GetPageSpecificContentSettings() const;
383 // Whether the content setting of type |type| has changed via Page Info UI.
384 bool HasContentSettingChangedViaPageInfo(ContentSettingsType type);
386 // Notifies the delegate that the content setting of type |type| has changed
388 void ContentSettingChangedViaPageInfo(ContentSettingsType type);
390 // Get counts of allowed and blocked cookies.
391 int GetFirstPartyAllowedCookiesCount(const GURL& site_url);
392 int GetFirstPartyBlockedCookiesCount(const GURL& site_url);
393 int GetThirdPartyAllowedCookiesCount(const GURL& site_url);
394 int GetThirdPartyBlockedCookiesCount(const GURL& site_url);
396 // Get the count of blocked and allowed sites.
397 int GetSitesWithAllowedCookiesAccessCount();
398 int GetThirdPartySitesWithBlockedCookiesAccessCount(const GURL& site_url);
400 bool IsIsolatedWebApp() const;
402 // The page info UI displays information and controls for site-
403 // specific data (local stored objects like cookies), site-specific
404 // permissions (location, pop-up, plugin, etc. permissions) and site-specific
405 // information (identity, connection status, etc.).
406 raw_ptr<PageInfoUI> ui_;
408 // A web contents getter used to retrieve the associated WebContents object.
409 base::WeakPtr<content::WebContents> web_contents_;
411 // The delegate allows the embedder to customize |PageInfo|'s behavior.
412 std::unique_ptr<PageInfoDelegate> delegate_;
414 // The flag that controls whether an infobar is displayed after the website
415 // settings UI is closed or not.
418 // The Omnibox URL of the website for which to display site permissions and
422 // The short name of an Isolated Web App. Empty for non-IWAs.
423 std::u16string isolated_web_app_name_;
425 // Status of the website's identity verification check.
426 SiteIdentityStatus site_identity_status_;
428 // Safe Browsing status of the website.
429 SafeBrowsingStatus safe_browsing_status_;
431 // Safety tip info of the website. Set regardless of whether the feature is
432 // enabled to show the UI.
433 security_state::SafetyTipInfo safety_tip_info_;
435 // For secure connection |certificate_| is set to the server certificate.
436 scoped_refptr<net::X509Certificate> certificate_;
438 // Status of the connection to the website.
439 SiteConnectionStatus site_connection_status_;
441 // TODO(markusheintz): Move the creation of all the std::u16string typed UI
442 // strings below to the corresponding UI code, in order to prevent
443 // unnecessary UTF-8 string conversions.
445 #if BUILDFLAG(IS_ANDROID)
446 // Details about the website's identity. If the website's identity has been
447 // verified then |identity_status_description_android_| contains who verified
448 // the identity. This string will be displayed in the UI.
449 std::u16string identity_status_description_android_;
452 // Set when the user has explicitly bypassed an SSL error for this host or
453 // explicitly denied it (the latter of which is not currently possible in the
454 // Chrome UI). When |show_ssl_decision_revoke_button| is true, the connection
455 // area of the page info will include an option for the user to revoke their
456 // decision to bypass the SSL error for this host.
457 bool show_ssl_decision_revoke_button_;
459 // Details about the connection to the website. In case of an encrypted
460 // connection |site_connection_details_| contains encryption details, like
461 // encryption strength and ssl protocol version. This string will be
462 // displayed in the UI.
463 std::u16string site_connection_details_;
465 // For websites that provided an EV certificate |orgainization_name_|
466 // contains the organization name of the certificate. In all other cases
467 // |organization_name| is an empty string. This string will be displayed in
469 std::u16string organization_name_;
471 bool did_revoke_user_ssl_decisions_;
473 security_state::SecurityLevel security_level_;
475 security_state::VisibleSecurityState visible_security_state_for_metrics_;
477 // Set when the user ignored the password reuse modal warning dialog. When
478 // |show_change_password_buttons_| is true, the page identity area of the page
479 // info will include buttons to change corresponding password, and to
480 // whitelist current site.
481 bool show_change_password_buttons_;
483 // The time the Page Info UI is opened, for measuring total time open.
484 base::TimeTicks start_time_;
486 // Records whether the user interacted with the bubble beyond opening it.
487 bool did_perform_action_;
489 // Description of the Safe Browsing status. Non-empty if
490 // MaliciousContentStatus isn't NONE.
491 std::u16string safe_browsing_details_;
493 // Whether the "About this site" data was available for the site and "About
494 // this site" section was shown in the page info.
495 bool was_about_this_site_shown_ = false;
497 std::u16string site_name_for_testing_;
499 bool is_isolated_web_app_for_testing_ = false;
501 std::unique_ptr<content_settings::CookieControlsController> controller_;
502 base::ScopedObservation<content_settings::CookieControlsController,
503 content_settings::CookieControlsView>
506 CookieControlsStatus status_ = CookieControlsStatus::kUninitialized;
508 CookieControlsEnforcement enforcement_ =
509 CookieControlsEnforcement::kNoEnforcement;
511 base::WeakPtrFactory<PageInfo> weak_factory_{this};
514 #endif // COMPONENTS_PAGE_INFO_PAGE_INFO_H_