[Webkit-unassigned] [Bug 171934] Content from loopback addresses (e.g. 127.0.0.1) should not be considered mixed content
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Oct 18 10:25:56 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=171934
--- Comment #46 from antoine at thirdshelf.com ---
Michael Catanzaro: I see that SecurityOrigin.cpp has this
// FIXME: Ensure that localhost resolves to the loopback address.
in
bool SecurityOrigin::isLocalHostOrLoopbackIPAddress(StringView host)
I would suggest that the fix to this bug not tackle "localhost" resolution but focus on the loopback address, and a separate bug be filed for localhost.
In that context, the fix would only be changing the function MixedContentChecker::isMixedContent line 62:
return !SecurityOrigin::isSecure(url);
to
return !(SecurityOrigin::isSecure(url) || SecurityOrigin::isLoopbackIPAddress(url));
Modifications to tests would involve replacing 127.0.0.1 to localhost at the appropriate places (which would then be modified as necessary as part of a separate bug to tackle localhost rules).
Would a fix with those changes be acceptable?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191018/aa731e0e/attachment.html>
More information about the webkit-unassigned
mailing list