[Webkit-unassigned] [Bug 258711] New: make-https rule doesn't cause hasOnlySecureContent to be true
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 29 22:32:42 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=258711
Bug ID: 258711
Summary: make-https rule doesn't cause hasOnlySecureContent to
be true
Product: WebKit
Version: Safari 17
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: meacer at chromium.org
If a content blocking rule with `make-https` upgrades a subresource from http:// to https://, webkit still reports `hasOnlySecureContent=false` even if the page never loads any http:// resource.
Here is a sample app (the whole repo should be buildable): https://github.com/meacer/swift-ios-wkwebview-demo-make-https/blob/master/wkwebview/ViewController.swift
In this app, line 63 will print `hasOnlySecureContent: false` even though the image subresource is loaded over https.
(We recently implemented mixed content upgrading in Chromium on iOS using a make-https content rule, and this bug is preventing us from showing the correct page security state in the omnibox.)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230630/8c4f9ecc/attachment.htm>
More information about the webkit-unassigned
mailing list