[Webkit-unassigned] [Bug 171934] Content from loopback addresses (e.g. 127.0.0.1) should not be considered mixed content
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 24 10:00:07 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=171934
--- Comment #40 from Michael Catanzaro <mcatanzaro at igalia.com> ---
I think this is probably a small change in MixedContentChecker::isMixedContent in Source/WebCore/loader/MixedContentChecker.cpp.
The challenge is going to be layout tests. First, the change requires a layout test of its own. But also, all our mixed content layout tests use an Apache server running on 127.0.0.1, so all those tests would break if we fix this. I think, since we'd probably be allowing 127.0.0.1 and ::1 but not localhost, as per the spec, perhaps we could switch the URIs for all the existing mixed content tests to use localhost to verify that mixed content blocking still applies to localhost, and a new test for this bug could use 127.0.0.1 and ::1 to verify that the mixed content checks don't apply to the loopback addresses.
P.S. If anyone is interested in contributing -- remember WebKit is an open source project after all -- see https://webkit.org/contributing-code/ for tips. Changes can be approved by any reviewer, though since this is a controversial issue we'd seek consensus first.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190124/8f615b63/attachment.html>
More information about the webkit-unassigned
mailing list