142412 – [GTK] Allow mixed content when the TLS connection is unauthenticated

RESOLVED WONTFIX 142412

[GTK] Allow mixed content when the TLS connection is unauthenticated

https://bugs.webkit.org/show_bug.cgi?id=142412

Summary [GTK] Allow mixed content when the TLS connection is unauthenticated

Michael Catanzaro

Reported 2015-03-06 14:40:28 PST

Another difference between our behavior and http://w3c.github.io/webappsec/specs/mixedcontent/ If the TLS connection is unauthenticated, there is no point in blocking mixed content. This will result in a confusing situation for browser UIs (are they supposed to display both a shield and a broken lock? but there is no point in having a shield to "protect" you from mixed content on an unauthenticated connection!), so we really should allow it in this case. This will likely need to be implemented separately for each port, but other ports very probably want this too.

Attachments
Add attachment proposed patch, testcase, etc.

Michael Catanzaro

Comment 1 2015-11-10 17:25:51 PST

This was a dumb idea.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Linux

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2015-03-06 14:40 PST

Modified

2015-11-10 17:25 PST History

CC List

1 user Show

URL

Keywords

Depends on

Blocks

140625

Dependencies

tree graph