Bug 258711
| Summary: | make-https rule doesn't cause hasOnlySecureContent to be true | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | meacer |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, bfulgham, meacer, m_finkel, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 17 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
meacer
If a content blocking rule with `make-https` upgrades a subresource from http:// to https://, webkit still reports `hasOnlySecureContent=false` even if the page never loads any http:// resource.
Here is a sample app (the whole repo should be buildable): https://github.com/meacer/swift-ios-wkwebview-demo-make-https/blob/master/wkwebview/ViewController.swift
In this app, line 63 will print `hasOnlySecureContent: false` even though the image subresource is loaded over https.
(We recently implemented mixed content upgrading in Chromium on iOS using a make-https content rule, and this bug is preventing us from showing the correct page security state in the omnibox.)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/111889557>