Bug 250418

Summary: Secure Contexts: Documents whose environment has a data: top-level creation URL are not considered a secure context.
Product: WebKit
Component: DOM
Status: NEW
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Ryan Reno <rreno>
Assignee: Ryan Reno <rreno>
CC: webkit-bug-importer
Keywords: InRadar
See Also: https://bugs.webkit.org/show_bug.cgi?id=11885

Ryan Reno
Reported 2023-01-10 15:26:53 PST
data:text/html,<h1>Hello World!</h1>

window.isSecureContext returns false. My reading of https://html.spec.whatwg.org/multipage/webappapis.html#secure-contexts says we should get a result of "Potentially Trustworthy" which should imply a secure context (step 2 of the linked algorithm).
Radar WebKit Bug Importer
Comment 1 2023-01-10 15:27:04 PST
Ryan Reno
Comment 2 2023-01-10 16:18:04 PST
We are intentionally treating data URLs as opaque origins. https://bugs.webkit.org/show_bug.cgi?id=11885
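Added example, not part of the bug thread and not WebKit code: a simplified JavaScript sketch of the W3C Secure Contexts checks "Is url potentially trustworthy?" and "Is origin potentially trustworthy?", showing why the URL-based check cited in the report and an evaluation based only on the opaque origin give different answers for a data: URL. The function names are hypothetical, and the steps for file:, user-agent-authenticated schemes and configured trustworthy origins are omitted.

```javascript
// Simplified sketch of the W3C Secure Contexts algorithms (added example).
// Omitted: file: scheme, UA-authenticated schemes, configured trustworthy origins.

// "Is origin potentially trustworthy?"
// Takes a serialized origin; an opaque origin serializes to the string "null".
function isOriginPotentiallyTrustworthy(serializedOrigin) {
  if (serializedOrigin === "null") return false; // opaque origin: Not Trustworthy
  const { protocol, hostname } = new URL(serializedOrigin);
  if (protocol === "https:" || protocol === "wss:") return true;
  // Loopback addresses: 127.0.0.0/8 and ::1
  if (/^127(\.\d{1,3}){3}$/.test(hostname) || hostname === "[::1]") return true;
  if (hostname === "localhost" || hostname.endsWith(".localhost")) return true;
  return false;
}

// "Is url potentially trustworthy?"
// The about: and data: checks run before the origin is consulted.
function isUrlPotentiallyTrustworthy(input) {
  const url = new URL(input);
  if (url.href === "about:blank" || url.href === "about:srcdoc") return true;
  if (url.protocol === "data:") return true;
  return isOriginPotentiallyTrustworthy(url.origin);
}

// Hypothetical origin-only evaluation: the URL is judged solely by its origin,
// so a data: URL (opaque origin) never reaches a trustworthy result.
function isTrustworthyByOriginOnly(input) {
  return isOriginPotentiallyTrustworthy(new URL(input).origin);
}

// URL taken from the report above.
const sample = "data:text/html,<h1>Hello World!</h1>";
console.log(
  isUrlPotentiallyTrustworthy(sample), // true
  isTrustworthyByOriginOnly(sample)    // false
);
```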
Ryan Reno
Comment 3 2023-01-11 18:05:57 PST