Bug 140793

Summary: XHR should be treated as active mixed content
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebCore Misc.Assignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Enhancement CC: ap, beidson, buildbot, cgarcia, mcatanzaro, rniwa, zan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
Bug Depends on: 140940    
Bug Blocks: 140625    
Attachments:
Description Flags
Patch
none
Block mixed content XHR
buildbot: commit-queue-
Archive of layout-test-results from ews105 for mac-mavericks-wk2
none
Archive of layout-test-results from ews101 for mac-mavericks none

Description Michael Catanzaro 2015-01-22 15:42:41 PST 
XHR should not be permitted to open HTTP URLs when active mixed content is blocked, and should trigger mixed content warnings otherwise.
Comment 1 Michael Catanzaro 2015-01-22 15:51:31 PST 
Created attachment 245175 [details]
Patch
Comment 2 Michael Catanzaro 2015-01-27 15:28:21 PST 
Created attachment 245482 [details]
Block mixed content XHR
Comment 3 Build Bot 2015-01-27 15:51:54 PST 
Comment on attachment 245482 [details]
Block mixed content XHR

Attachment 245482 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/4810588546924544

New failing tests:
http/tests/security/mixedContent/ssl/insecure-xhr-in-main-frame.html
http/tests/security/mixedContent/ssl/insecure-xhr-in-iframe.html
Comment 4 Build Bot 2015-01-27 15:51:56 PST 
Created attachment 245488 [details]
Archive of layout-test-results from ews105 for mac-mavericks-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105  Port: mac-mavericks-wk2  Platform: Mac OS X 10.9.5
Comment 5 Build Bot 2015-01-27 16:25:51 PST 
Comment on attachment 245482 [details]
Block mixed content XHR

Attachment 245482 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/5909659940552704

New failing tests:
http/tests/security/mixedContent/ssl/insecure-xhr-in-main-frame.html
http/tests/security/mixedContent/ssl/insecure-xhr-in-iframe.html
Comment 6 Build Bot 2015-01-27 16:25:54 PST 
Created attachment 245490 [details]
Archive of layout-test-results from ews101 for mac-mavericks

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101  Port: mac-mavericks  Platform: Mac OS X 10.9.5
Comment 7 Michael Catanzaro 2015-03-06 15:05:32 PST 
This is fixed by bug #142378. Also, I think my changes were not ideal anyway: see  bug #140625.