[Webkit-unassigned] [Bug 51134] Move loading related code from MemoryCache to CachedResourceLoader

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 20 15:17:13 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=51134





--- Comment #6 from Alexey Proskuryakov <ap at webkit.org>  2010-12-20 15:17:13 PST ---
> > > -    // FIXME: Consider letting the embedder block mixed content loads.
> That was removed by accident (I still don't know what it means).

That comment is easier to understand when considered together with the one before the switch block:

    // Note: Currently, we always allow mixed content, but we generate a
    //       callback to the FrameLoaderClient in case the embedder wants to
    //       update any security indicators.

For example, an https page that includes non-https scripts (and really, any subresources) should not be considered secure, and Safari doesn't display a lock icon for that. But loading non-https content is always risky, letting the party in control of your network connection run any sort of attack on authenticated https pages.

I'm not sure why there is anything to consider - maybe the person who wrote this could tell why a way to block such loads wasn't added right away.

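The two policies discussed in the comment above (always allow mixed content but notify the embedder, versus letting the load be blocked), as an added C++ example that is not WebKit code and not part of the original message. All names in it (MixedContentPolicy, EmbedderClient, didLoadInsecureContent, canRequest) are hypothetical, and the URLs are constructed samples.

```cpp
// Added illustration; every name here is hypothetical, not WebKit's API.
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

enum class MixedContentPolicy { AllowAndNotify, Block };

// Stand-in for the embedder: records what it was told so that it can
// update its security indicators (here, dropping the lock icon).
struct EmbedderClient {
    std::vector<std::string> insecureLoads;
    bool showsLock = true;
    void didLoadInsecureContent(const std::string& url) {
        insecureLoads.push_back(url);
        showsLock = false;
    }
};

// Returns the lower-cased scheme, or "" for relative and
// protocol-relative URLs, which inherit the page's scheme.
static std::string schemeOf(const std::string& url) {
    size_t colon = url.find(':');
    if (colon == std::string::npos || colon == 0) return "";
    for (size_t i = 0; i < colon; ++i) {
        unsigned char c = url[i];
        if (!std::isalnum(c) && c != '+' && c != '-' && c != '.') return "";
    }
    std::string s = url.substr(0, colon);
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return std::tolower(c); });
    return s;
}

// Mixed content: a secure page pulling a subresource over plain http.
static bool isMixedContent(const std::string& pageURL, const std::string& resourceURL) {
    return schemeOf(pageURL) == "https" && schemeOf(resourceURL) == "http";
}

// Decides whether the subresource load may proceed under the given policy.
bool canRequest(const std::string& pageURL, const std::string& resourceURL,
                MixedContentPolicy policy, EmbedderClient& client) {
    if (!isMixedContent(pageURL, resourceURL)) return true;
    if (policy == MixedContentPolicy::Block) return false; // nothing insecure is loaded
    client.didLoadInsecureContent(resourceURL);            // allowed, but the lock goes away
    return true;
}
```

Under AllowAndNotify the page still runs the insecure script and only the indicator changes; under Block the load never happens, so the indicator stays accurate.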