[Webkit-unassigned] [Bug 196182] Using Application Cache on HTTPS websites breaks browser security indicators (e.g. webkit_web_view_get_tls_info()); CertificateInfo not properly cached

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 24 14:49:02 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=196182

--- Comment #5 from Michael Catanzaro <mcatanzaro at igalia.com> ---
(In reply to Alexey Proskuryakov from comment #4)
> Local cache cannot be trusted in the same
> ways as the origin server

Why not? If WebKit caches aren't trusted, then we have a big problem!

I don't think we need to store trust decisions in the cache, anyway. If we just encode the CertificateInfo into the cache using the existing WTF::Persistence coders, then the certificate's trust can be evaluated at runtime.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190324/c87cc6bb/attachment-0001.html>


More information about the webkit-unassigned mailing list