Bug 155588

Summary: CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
Product: WebKit Reporter: Jer Noble <jer.noble>
Component: New BugsAssignee: Jer Noble <jer.noble>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, japhet, mcatanzaro, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
dbates: review+
Patch for landing
none
Follow-up patch none

Description Jer Noble 2016-03-17 10:52:16 PDT
CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
Comment 1 Jer Noble 2016-03-17 11:23:22 PDT
Created attachment 274302 [details]
Patch
Comment 2 Jer Noble 2016-03-17 11:24:47 PDT
<rdar://problem/25177795>
Comment 3 Daniel Bates 2016-03-17 11:34:16 PDT
Comment on attachment 274302 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=274302&action=review

> Source/WebCore/ChangeLog:10
> +        The Mixed Content spec specifically allows (with certain restrictions) loads of <image>,
> +        <video>, and <audio> resources from mixed-content origins, albeit with warnings.

For your consideration, I suggest that we explicitly provide either a versioned link to the Mixed Content spec or an unversioned link and explicitly mention the type of spec (Editor Draft/CR) and a date. This will make it straightforward to understand the state of the spec when we made this change should the spec change in the future. One example of a ChangeLog that references a spec is <http://trac.webkit.org/changeset/197944>. Another example is <http://trac.webkit.org/changeset/198115>.

> Source/WebCore/loader/cache/CachedResourceLoader.cpp:291
> +    // https://w3c.github.io/webappsec-mixed-content/#category-optionally-blockable

Please add the date of this draft or use a versioned link and explicitly mention the section name.
Comment 4 Daniel Bates 2016-03-17 11:38:07 PDT
Comment on attachment 274302 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=274302&action=review

> Source/WebCore/ChangeLog:12
> +        No new tests, fixes existing test: http/tests/security/mixedContent/resources/frame-with-insecure-audio-video.html

This is the not a test, it is a resource loaded by a test. The test that you are fixing is http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html.
Comment 5 Jer Noble 2016-03-17 11:46:12 PDT
Created attachment 274304 [details]
Patch for landing
Comment 6 WebKit Commit Bot 2016-03-18 12:05:03 PDT
Comment on attachment 274304 [details]
Patch for landing

Clearing flags on attachment: 274304

Committed r198436: <http://trac.webkit.org/changeset/198436>
Comment 7 Jer Noble 2016-03-22 16:53:51 PDT
Reopening to attach new patch.
Comment 8 Jer Noble 2016-03-22 16:53:54 PDT
Created attachment 274702 [details]
Follow-up patch
Comment 9 Brent Fulgham 2016-03-22 16:57:31 PDT
Comment on attachment 274702 [details]
Follow-up patch

r=me.
Comment 10 WebKit Commit Bot 2016-03-22 17:47:43 PDT
Comment on attachment 274702 [details]
Follow-up patch

Clearing flags on attachment: 274702

Committed r198566: <http://trac.webkit.org/changeset/198566>
Comment 11 Michael Catanzaro 2016-03-23 14:35:56 PDT
How did we fail to notice the test was broken? :/ Why are there no changes to the test expectations?
Comment 12 Jer Noble 2016-03-23 15:24:43 PDT
(In reply to comment #11)
> How did we fail to notice the test was broken? :/ Why are there no changes
> to the test expectations?

EFL and GTK both have that test marked as failing. If it now passes again, we should probably remove that TestExpectation.