[webkit-reviews] review denied: [Bug 89068] Do not allow mixed-content WebSockets (ws:// WebSockets on an https:// page) : [Attachment 147513] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 14 01:07:31 PDT 2012
Adam Barth <abarth at webkit.org> has denied Yuta Kitamura <yutak at chromium.org>'s
request for review:
Bug 89068: Do not allow mixed-content WebSockets (ws:// WebSockets on an
https:// page)
https://bugs.webkit.org/show_bug.cgi?id=89068
Attachment 147513: Patch
https://bugs.webkit.org/attachment.cgi?id=147513&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=147513&action=review
> Source/WebCore/Modules/websockets/WebSocket.cpp:217
> + if (SecurityOrigin::isSecure(KURL(KURL(),
scriptExecutionContext()->securityOrigin()->toString())) &&
m_url.protocolIs("ws")) {
This is not correct. You want to do something more like what
http://trac.webkit.org/browser/trunk/Source/WebCore/loader/FrameLoader.cpp#L869
does.
More information about the webkit-reviews
mailing list