[Webkit-unassigned] [Bug 219396] New: Remove mixed content blocking, deprecate insecure-content-detected signals, and automatically upgrade insecure requests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 1 06:19:47 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=219396
Bug ID: 219396
Summary: Remove mixed content blocking, deprecate
insecure-content-detected signals, and automatically
upgrade insecure requests
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at gnome.org
Blocks: 140625
Nowadays, Chrome has started blocking all mixed content unconditionally (except form targets, but it will block those too very soon), per https://www.feistyduck.com/bulletproof-tls-newsletter/issue_70_chrome_developers_want_to_eliminate_mixed_content. If we were to implement that, then we could deprecate the insecure-content-detected WPE/GTK API signal and remove the API tests for it. The relevant internal APIs can be removed, and the corresponding Cocoa API can also be deprecated.
To make this work, we need to automatically rewrite insecure URLs to https:// (or wss://), and allow the content to fail to load if that doesn't work. An exception would be in place for loopback.
This will obsolete bug #142469 and some (but not all) of the other bugs blocking bug #140625. We just need to make sure all the various types of resource loads are properly upgraded.
Referenced Bugs:
https://bugs.webkit.org/show_bug.cgi?id=140625
[Bug 140625] Support mixed content blocking
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201201/8bbca751/attachment-0001.htm>
More information about the webkit-unassigned
mailing list