[Webkit-unassigned] [Bug 171934] Content from loopback addresses (e.g. should not be considered mixed content

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 18 10:25:56 PDT 2019


--- Comment #46 from antoine at thirdshelf.com ---
Michael Catanzaro: I see that SecurityOrigin.cpp has this 

// FIXME: Ensure that localhost resolves to the loopback address. 


bool SecurityOrigin::isLocalHostOrLoopbackIPAddress(StringView host)

I would suggest that the fix to this bug not tackle "localhost" resolution but focus on the loopback address, and a separate bug be filed for localhost.

In that context, the fix would only be changing the function MixedContentChecker::isMixedContent line 62:

return !SecurityOrigin::isSecure(url);


return !(SecurityOrigin::isSecure(url) || SecurityOrigin::isLoopbackIPAddress(url));

Modifications to tests would involve replacing to localhost at the appropriate places (which would then be modified as necessary as part of a separate bug to tackle localhost rules).

Would a fix with those changes be acceptable?

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191018/aa731e0e/attachment.html>

More information about the webkit-unassigned mailing list