[Webkit-unassigned] [Bug 219396] Remove mixed content blocking, deprecate insecure-content-detected signals, and automatically upgrade insecure requests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 19 15:06:01 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=219396
--- Comment #2 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Basically we want to:
* Upgrade any mixed content that we do not block today, block if secure connection is unavailable
* Continue blocking everything that we block today (unchanged) (unless upgrade-insecure-requests CSP is used, unchanged)
* Make sure to block mixed downloads
The spec offers the possibility of an option to disable all of this and just load mixed content, but WebKit should not allow that. We can also remove preferences for AllowDisplayOfInsecureContent and AllowDisplayAndRunningOfInsecureContent.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220719/77a26b4d/attachment.htm>
More information about the webkit-unassigned
mailing list