[Webkit-unassigned] [Bug 142412] New: [GTK] Allow mixed content when the TLS connection is unauthenticated

Fri Mar 6 14:40:28 PST 2015

https://bugs.webkit.org/show_bug.cgi?id=142412

            Bug ID: 142412
           Summary: [GTK] Allow mixed content when the TLS connection is
                    unauthenticated
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com

Another difference between our behavior and http://w3c.github.io/webappsec/specs/mixedcontent/

If the TLS connection is unauthenticated, there is no point in blocking mixed content. This will result in a confusing situation for browser UIs (are they supposed to display both a shield and a broken lock? but there is no point in having a shield to "protect" you from mixed content on an unauthenticated connection!), so we really should allow it in this case.

This will likely need to be implemented separately for each port, but other ports very probably want this too.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150306/1907a2dd/attachment-0002.html>