Bug 142412

Summary: [GTK] Allow mixed content when the TLS connection is unauthenticated
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX    
Severity: Normal CC: mcatanzaro
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Bug Depends on:    
Bug Blocks: 140625    

Description Michael Catanzaro 2015-03-06 14:40:28 PST 
Another difference between our behavior and http://w3c.github.io/webappsec/specs/mixedcontent/

If the TLS connection is unauthenticated, there is no point in blocking mixed content. This will result in a confusing situation for browser UIs (are they supposed to display both a shield and a broken lock? but there is no point in having a shield to "protect" you from mixed content on an unauthenticated connection!), so we really should allow it in this case.

This will likely need to be implemented separately for each port, but other ports very probably want this too.
Comment 1 Michael Catanzaro 2015-11-10 17:25:51 PST 
This was a dumb idea.