Summary: | CachedResource::MediaResource types shouldn't be blocked due to mixed-content. | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Jer Noble <jer.noble> | ||||||||
Component: | New Bugs | Assignee: | Jer Noble <jer.noble> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | Normal | CC: | cdumez, commit-queue, japhet, mcatanzaro, webkit-bug-importer | ||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||
Version: | WebKit Nightly Build | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Attachments: |
|
Description
Jer Noble
2016-03-17 10:52:16 PDT
Created attachment 274302 [details]
Patch
Comment on attachment 274302 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=274302&action=review > Source/WebCore/ChangeLog:10 > + The Mixed Content spec specifically allows (with certain restrictions) loads of <image>, > + <video>, and <audio> resources from mixed-content origins, albeit with warnings. For your consideration, I suggest that we explicitly provide either a versioned link to the Mixed Content spec or an unversioned link and explicitly mention the type of spec (Editor Draft/CR) and a date. This will make it straightforward to understand the state of the spec when we made this change should the spec change in the future. One example of a ChangeLog that references a spec is <http://trac.webkit.org/changeset/197944>. Another example is <http://trac.webkit.org/changeset/198115>. > Source/WebCore/loader/cache/CachedResourceLoader.cpp:291 > + // https://w3c.github.io/webappsec-mixed-content/#category-optionally-blockable Please add the date of this draft or use a versioned link and explicitly mention the section name. Comment on attachment 274302 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=274302&action=review > Source/WebCore/ChangeLog:12 > + No new tests, fixes existing test: http/tests/security/mixedContent/resources/frame-with-insecure-audio-video.html This is the not a test, it is a resource loaded by a test. The test that you are fixing is http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html. Created attachment 274304 [details]
Patch for landing
Comment on attachment 274304 [details] Patch for landing Clearing flags on attachment: 274304 Committed r198436: <http://trac.webkit.org/changeset/198436> Reopening to attach new patch. Created attachment 274702 [details]
Follow-up patch
Comment on attachment 274702 [details]
Follow-up patch
r=me.
Comment on attachment 274702 [details] Follow-up patch Clearing flags on attachment: 274702 Committed r198566: <http://trac.webkit.org/changeset/198566> How did we fail to notice the test was broken? :/ Why are there no changes to the test expectations? (In reply to comment #11) > How did we fail to notice the test was broken? :/ Why are there no changes > to the test expectations? EFL and GTK both have that test marked as failing. If it now passes again, we should probably remove that TestExpectation. |