Bug 62846

Summary:

Detect mixed-scripting involving https -> http redirects

Product:

WebKit

Reporter:

Chris Evans <cevans>

Component:

WebCore Misc.

Assignee:

Chris Evans <cevans>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

webkit.review.bot

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	webkit.review.bot: commit-queue-
Patch	abarth: review+, abarth: commit-queue-
Patch	none

Description Chris Evans 2011-06-17 00:04:38 PDT

The current detection is thwarted by a redirect.

Comment 1 Chris Evans 2011-06-17 00:11:59 PDT

Created attachment 97550 [details]
Patch

Comment 2 WebKit Review Bot 2011-06-17 00:14:39 PDT

Attachment 97550 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/http..." exit_code: 1

Source/WebCore/loader/cache/CachedResourceLoader.cpp:202:  Place brace on its own line for function definitions.  [whitespace/braces] [4]
Total errors found: 1 in 6 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 3 Chris Evans 2011-06-17 00:17:42 PDT

Created attachment 97551 [details]
Patch

Comment 4 Chris Evans 2011-06-17 00:18:31 PDT

(Style nit fixed in 2nd patch)

Comment 5 WebKit Review Bot 2011-06-17 02:28:52 PDT

Comment on attachment 97551 [details]
Patch

Attachment 97551 [details] did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/8881481

Comment 6 Chris Evans 2011-06-17 09:27:38 PDT

Created attachment 97607 [details]
Patch

Fix Mac compile warning.

Comment 7 Adam Barth 2011-06-17 09:36:44 PDT

Comment on attachment 97607 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=97607&action=review

This isn't a complete solution, but it's a good step forward.

> Source/WebCore/loader/cache/CachedResourceLoader.cpp:202
> +bool CachedResourceLoader::checkMixedContent(CachedResource::Type type, const KURL& url) const

I'd call this function checkInsecureContent to be consistent with the other terminology we're using.

Comment 8 Chris Evans 2011-06-17 11:45:35 PDT

Created attachment 97629 [details]
Patch

Fix function name.

Comment 9 WebKit Review Bot 2011-06-17 12:11:26 PDT

Comment on attachment 97629 [details]
Patch

Clearing flags on attachment: 97629

Committed r89155: <http://trac.webkit.org/changeset/89155>

Comment 10 WebKit Review Bot 2011-06-17 12:11:31 PDT

All reviewed patches have been landed.  Closing bug.