Bug 142412
| Summary: | [GTK] Allow mixed content when the TLS connection is unauthenticated | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Catanzaro <mcatanzaro> |
| Component: | WebKitGTK | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | Normal | CC: | mcatanzaro |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Bug Depends on: | |||
| Bug Blocks: | 140625 | ||
Michael Catanzaro
Another difference between our behavior and http://w3c.github.io/webappsec/specs/mixedcontent/
If the TLS connection is unauthenticated, there is no point in blocking mixed content. This will result in a confusing situation for browser UIs (are they supposed to display both a shield and a broken lock? but there is no point in having a shield to "protect" you from mixed content on an unauthenticated connection!), so we really should allow it in this case.
This will likely need to be implemented separately for each port, but other ports very probably want this too.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Michael Catanzaro
This was a dumb idea.