142387 2015-03-06 00:08:42 -0800 REGRESSION(r181134): [GTK] Test /webkit2/WebKitWebView/insecure-content is failing after r181134 2015-04-13 08:07:44 -0700 1 1 1 Unclassified WebKit Tools / Tests 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED Gtk, Regression P2 Normal --- 140625 1 cgarcia mcatanzaro chavarria1991 darin gustavo mcatanzaro mrobinson oliver svillar oldest_to_newest 1074862 0 cgarcia 2015-03-06 00:08:42 -0800 Since r181134 we are now blocking mixed content by default (except for images if I understood the patch correctly, where we still show a warning in the console message, and the client is notified), which is indeed good news. The test is only failing for the run-insecure-content, not the display one because it uses an image. So, we should probably check now that the load failed in provisional load state. The thing is, since we don't expose the allowDisplayOfInsecureContent nor the allowRunningOfInsecureContent settings in the API, WEBKIT_INSECURE_CONTENT_RUN is now impossible to happen. Fortunately we didn't document any default policy in our API docs, so we can just change it, but I think we should document the new behaviour, explaining that running insecure content is always blocked, that WEBKIT_INSECURE_CONTENT_RUN is deprecated, so WebKitWebView::insecure-content-detected will only be called with WEBKIT_INSECURE_CONTENT_DISPLAYED and only for images, because all other contents will be blocked producing a load failure of the resource. Or we could expose the settings in our API, and keeping our current unit tests but enabling the settings (I would still keep the setting disabled by default in this case, even if it's not backwards compatible). 1074921 1 mcatanzaro 2015-03-06 06:52:34 -0800 Bug #140392 adds API to expose those settings. Currently all browsers that block mixed content have UI to disable blocking on the current page. As much as I'd like to avoid that, because *most* sites will not break, we probably have to add it. So we will still need WEBKIT_INSECURE_CONTENT_RUN. The change in default will be good, but only for 2.10. 1074922 2 mcatanzaro 2015-03-06 07:01:07 -0800 Also the patch in that bug probably fixes the test case, but it changes cross-platform code to add WEBKIT_INSECURE_CONTENT_BLOCKED so we need an Apple reviewer. 1074938 3 cgarcia 2015-03-06 08:29:56 -0800 (In reply to comment #1) > Bug #140392 adds API to expose those settings. Currently all browsers that > block mixed content have UI to disable blocking on the current page. As much > as I'd like to avoid that, because *most* sites will not break, we probably > have to add it. So we will still need WEBKIT_INSECURE_CONTENT_RUN. > > The change in default will be good, but only for 2.10. Yes, this doesn't affect any of the stable branches. 1076903 4 cgarcia 2015-03-13 01:48:13 -0700 *** Bug 142663 has been marked as a duplicate of this bug. *** 1076939 5 mcatanzaro 2015-03-13 07:09:06 -0700 Note that we can't do anything about this (besides skip the test) until we get approval from Apple on how to handle bug #142469. 1076940 6 cgarcia 2015-03-13 07:30:35 -0700 (In reply to comment #5) > Note that we can't do anything about this (besides skip the test) until we > get approval from Apple on how to handle bug #142469. Since the test is only failing for the run-execute-content I prefer to add #if 0 to the affected part with a FIXME pointing to this bug instead of skipping the test. 1084797 7 250638 svillar 2015-04-13 07:47:35 -0700 Created attachment 250638 Patch Let's update the expected result instead of indefinitely wait for some other bugs 1084801 8 250638 cgarcia 2015-04-13 08:04:01 -0700 Comment on attachment 250638 Patch Ok, we will update this test when the new api is added 1084802 9 250638 svillar 2015-04-13 08:07:27 -0700 Comment on attachment 250638 Patch Clearing flags on attachment: 250638 Committed r182733: <http://trac.webkit.org/changeset/182733> 1084803 10 svillar 2015-04-13 08:07:44 -0700 All reviewed patches have been landed. Closing bug. 250638 2015-04-13 07:47:35 -0700 2015-04-13 08:07:27 -0700 Patch bug-142387-20150413164638.patch text/plain 1695 svillar U3VidmVyc2lvbiBSZXZpc2lvbjogMTgyNzI2CmRpZmYgLS1naXQgYS9Ub29scy9DaGFuZ2VMb2cg Yi9Ub29scy9DaGFuZ2VMb2cKaW5kZXggYzBmZWUzMmM4MTAzZTYzNjk1MzAwMTQ5ZGY5YTY5Zjdh NTBjMzI1NS4uOGM5N2IzNTkwZTZjMDYyOTZkZmZkNTM2YzE3MTY4MDI5OWI4NGNkNyAxMDA2NDQK LS0tIGEvVG9vbHMvQ2hhbmdlTG9nCisrKyBiL1Rvb2xzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2 IEBACisyMDE1LTA0LTEzICBTZXJnaW8gVmlsbGFyIFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29t PgorCisgICAgICAgIFJFR1JFU1NJT04ocjE4MTEzNCk6IFtHVEtdIFRlc3QgL3dlYmtpdDIvV2Vi S2l0V2ViVmlldy9pbnNlY3VyZS1jb250ZW50IGlzIGZhaWxpbmcgYWZ0ZXIgcjE4MTEzNAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQyMzg3CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgUnVubmluZyBtaXhl ZCBjb250ZW50IGlzIGJsb2NrZWQgYnkgZGVmYXVsdCBzaW5jZSByMTgxMTM0LiBVcGRhdGVkCisg ICAgICAgIHRoZSB0ZXN0IGNhc2UgdG8gcmVmbGVjdCB0aGUgbmV3IGRlZmF1bHQgc2V0dGluZ3Mu CisKKyAgICAgICAgKiBUZXN0V2ViS2l0QVBJL1Rlc3RzL1dlYktpdDJHdGsvVGVzdFNTTC5jcHA6 CisgICAgICAgICh0ZXN0SW5zZWN1cmVDb250ZW50KToKKwogMjAxNS0wNC0xMiAgR3l1eW91bmcg S2ltICA8Z3l1eW91bmcua2ltQHdlYmtpdC5vcmc+CiAKICAgICAgICAgW0VGTF0gRW5hYmxlIE1l ZGlhIFNvdXJjZQpkaWZmIC0tZ2l0IGEvVG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJLaXQy R3RrL1Rlc3RTU0wuY3BwIGIvVG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJLaXQyR3RrL1Rl c3RTU0wuY3BwCmluZGV4IDc0N2I1OWNjOWUxZDc0MzViYmU2ODk2Yjk4OWZjMjhmM2RiOWY2ZTMu LjEwYzVlNzNiNmNhZmU0NmQ3MDczMjBkMjdkZDM0MmMxM2EyNTIxZmIgMTAwNjQ0Ci0tLSBhL1Rv b2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViS2l0Mkd0ay9UZXN0U1NMLmNwcAorKysgYi9Ub29s cy9UZXN0V2ViS2l0QVBJL1Rlc3RzL1dlYktpdDJHdGsvVGVzdFNTTC5jcHAKQEAgLTEyMyw3ICsx MjMsOSBAQCBzdGF0aWMgdm9pZCB0ZXN0SW5zZWN1cmVDb250ZW50KEluc2VjdXJlQ29udGVudFRl c3QqIHRlc3QsIGdjb25zdHBvaW50ZXIpCiAgICAgdGVzdC0+bG9hZFVSSShrSHR0cHNTZXJ2ZXIt PmdldFVSSUZvclBhdGgoIi9pbnNlY3VyZS1jb250ZW50LyIpLmRhdGEoKSk7CiAgICAgdGVzdC0+ d2FpdFVudGlsTG9hZEZpbmlzaGVkKCk7CiAKLSAgICBnX2Fzc2VydCh0ZXN0LT5tX2luc2VjdXJl Q29udGVudFJ1bik7CisgICAgZ19hc3NlcnQoIXRlc3QtPm1faW5zZWN1cmVDb250ZW50UnVuKTsK KyAgICAvLyBJbWFnZXMgYXJlIGN1cnJlbnRseSBhbHdheXMgZGlzcGxheWVkLCBldmVuIGJ5cGFz c2luZyBtaXhlZCBjb250ZW50IHNldHRpbmdzLiBDaGVjaworICAgIC8vIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDI0NjkKICAgICBnX2Fzc2VydCh0ZXN0LT5tX2lu c2VjdXJlQ29udGVudERpc3BsYXllZCk7CiAKICAgICB3ZWJraXRfd2ViX2NvbnRleHRfc2V0X3Rs c19lcnJvcnNfcG9saWN5KGNvbnRleHQsIG9yaWdpbmFsUG9saWN5KTsK