NEW 63145
filesystem URLs shouldn't trigger mixed content warnings 
https://bugs.webkit.org/show_bug.cgi?id=63145
Summary filesystem URLs shouldn't trigger mixed content warnings
WebKit Review Bot
Reported 2011-06-22 09:08:25 PDT
filesystem URLs shouldn't trigger mixed content warnings Requested by abarth on #webkit.
Attachments
Needs tests (3.52 KB, patch)
2011-06-22 10:03 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
Another approach (still no tests) (728 bytes, patch)
2011-06-22 20:21 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2011-06-22 10:03:14 PDT
Created attachment 98192 [details] Needs tests
Adam Barth
Comment 2 2011-06-22 20:21:18 PDT
Created attachment 98307 [details] Another approach (still no tests)
Adam Barth
Comment 3 2011-06-22 20:23:19 PDT
I think the second approach is better, but other folks might have opinions.
Adam Klein
Comment 4 2011-06-23 11:13:13 PDT
Agreed, the second seems more elegant (and those asserts should already be covered by layout tests as well; I'm pretty sure there's one for filesystem: anyway).
Adam Barth
Comment 5 2011-06-23 11:22:46 PDT
(In reply to comment #4) > Agreed, the second seems more elegant (and those asserts should already be covered by layout tests as well; I'm pretty sure there's one for filesystem: anyway). Ok. I'll write a test and complete the patch. I'm going to leave the ASSERTs there because they explain why it's safe to have those entries in that list.
Adam Barth
Comment 6 2011-10-13 16:13:29 PDT
I'm not actively working on this bug. We had a larger discussion about how to treat these URLs globally in Chrome, which might inform what we do here.
Frédéric Wang (:fredw)
Comment 7 2020-11-16 06:15:29 PST
These are the relevant links in the current spec: https://w3c.github.io/webappsec-mixed-content/#mixed-content https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url > "Return the result of executing § 3.2 Is origin potentially trustworthy? on url’s origin." > Note: The origin of blob: and filesystem: URLs is the origin of the context in which they were created. Therefore, blobs created in a trustworthy origin will themselves be potentially trustworthy.
Note You need to log in before you can comment on or make changes to this bug.