I will need to update all of the patches now that bug #142378 unexpectedly occurred. But that was a good step in the right direction, so I'll keep pushing forward: * Bug #140621, mixed content frames, is now obsolete. I have closed that. * Bug #142341, mixed content fonts, is also obsolete. I have closed it and opened a new bug to add tests. * Bug #140940 is just for the layout tests. We should coordinate there to get the layout tests into a nice state. If you don't want any of my tests, we can close the bug, but we should probably add at least the ones that aren't redundant with yours, Oliver. We should probably also consider restoring the tests that detected but did not block content. * Bug #140793, mixed XHR, is probably obsolete. I changed XHR to trigger the XHR's onerror handler when the XHR gets blocked, which the WIP mixed content spec strongly implied we should do, but it doesn't actually tell us to do it (it seems to presume that we're *already* doing it). I don't quite understand how your version works (where in the code does the XHR get blocked? I guess it gets handled by CachedResourceLoader and so no explicit handling of XHR is required!), but judging by your test it's working properly, and I can't properly explain my own expected results looking at them now (well I can, if the insecure load is blocked by CachedResourceLoader, that makes sense :). I've closed the bug. * I still need a review in bug #138127, the page cache bug. That should be largely unaffected by your work, but we'll need to rethink the console warnings I add in that bug, and maybe the solution as well since I'm not entirely comfortable with marking the entire cached page as mixed content. Alternatives would be to not cache pages with mixed content, or remember each individual piece of mixed content for each page. * Bug #140624, mixed content web sockets, is largely unaffected by these changes, asides from the function signature change. A preliminary review there would be great, since it depends on bug #140940 for the test directory layout. * Bug #140392 exists for new GTK+ API, and also adds a new WebCore event to signal when content was blocked. I'll need to update that patch now, but a preliminary review here would also be super. * The other bugs here don't have any patches yet.