Bug 247197
| Summary: | Upgrade requests in mixed content settings | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Matthew Finkel <m_finkel> |
| Component: | Page Loading | Assignee: | Matthew Finkel <m_finkel> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | beidson, fbraun, fujii.hironori, mcatanzaro, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari Technology Preview | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: |
https://bugs.webkit.org/show_bug.cgi?id=269172 https://bugs.webkit.org/show_bug.cgi?id=279249 |
||
| Bug Depends on: | |||
| Bug Blocks: | 140625, 219396 | ||
Matthew Finkel
Upgrading inactive/passive subresource requests and fetches in would-be mixed security contexts is the new standard: https://www.w3.org/TR/mixed-content/#category-upgradeable
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/101678657>
Frederik Braun (Mozilla)
Drive-by comment, is this the same as bug 219396 (though the other seems to have more details)?
Michael Catanzaro
More or less the same, yes. I was tempted to mark this as a duplicate, but there is a slight difference in scope: bug #219396 additionally envisions removing internal settings and deprecating public settings, and that requires some Linux-specific changes that Apple engineers might not be comfortable with making, but would be very easy for me to do in a follow-up patch in that bug if the main work were to be handled in this bug. So I'll leave it for Matthew to decide whether to leave them both open or mark this one as a duplicate.
Matthew Finkel
(In reply to Frederik Braun (Mozilla) from comment #2)
> Drive-by comment, is this the same as bug 219396 (though the other seems to
> have more details)?
Oh, indeed! My apologies for missing that bug 219396 already includes this.
(In reply to Michael Catanzaro from comment #3)
> More or less the same, yes. I was tempted to mark this as a duplicate, but
> there is a slight difference in scope: bug #219396 additionally envisions
> removing internal settings and deprecating public settings, and that
> requires some Linux-specific changes that Apple engineers might not be
> comfortable with making, but would be very easy for me to do in a follow-up
> patch in that bug if the main work were to be handled in this bug. So I'll
> leave it for Matthew to decide whether to leave them both open or mark this
> one as a duplicate.
I like that plan. Let's focus on only upgrading http requests here, and then bug 219396 can track the remaining pieces (possibly as a meta bug).
Matthew Finkel
Pull request: https://github.com/webkit/WebKit/pull/9577
Matthew Finkel
Pull request: https://github.com/WebKit/WebKit/pull/9577
EWS
Committed 274409@main (8a3335648a55): <https://commits.webkit.org/274409@main>
Reviewed commits have been landed. Closing PR #9577 and removing active labels.
Fujii Hironori
http/tests/navigation/ping-attribute/area-cross-origin-from-https-UpgradeMixedContent.html is a flaky failure. bug#269223 tracks the bug.