Bug 140793 - XHR should be treated as active mixed content
Summary: XHR should be treated as active mixed content
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC All
: P2 Enhancement
Assignee: Michael Catanzaro
URL:
Keywords:
Depends on: 140940
Blocks: 140625
  Show dependency treegraph
 
Reported: 2015-01-22 15:42 PST by Michael Catanzaro
Modified: 2015-03-06 15:05 PST (History)
7 users (show)

See Also:


Attachments
Patch (5.22 KB, patch)
2015-01-22 15:51 PST, Michael Catanzaro
no flags Details | Formatted Diff | Diff
Block mixed content XHR (10.46 KB, patch)
2015-01-27 15:28 PST, Michael Catanzaro
buildbot: commit-queue-
Details | Formatted Diff | Diff
Archive of layout-test-results from ews105 for mac-mavericks-wk2 (770.01 KB, application/zip)
2015-01-27 15:51 PST, Build Bot
no flags Details
Archive of layout-test-results from ews101 for mac-mavericks (586.13 KB, application/zip)
2015-01-27 16:25 PST, Build Bot
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2015-01-22 15:42:41 PST
XHR should not be permitted to open HTTP URLs when active mixed content is blocked, and should trigger mixed content warnings otherwise.
Comment 1 Michael Catanzaro 2015-01-22 15:51:31 PST
Created attachment 245175 [details]
Patch
Comment 2 Michael Catanzaro 2015-01-27 15:28:21 PST
Created attachment 245482 [details]
Block mixed content XHR
Comment 3 Build Bot 2015-01-27 15:51:54 PST
Comment on attachment 245482 [details]
Block mixed content XHR

Attachment 245482 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/4810588546924544

New failing tests:
http/tests/security/mixedContent/ssl/insecure-xhr-in-main-frame.html
http/tests/security/mixedContent/ssl/insecure-xhr-in-iframe.html
Comment 4 Build Bot 2015-01-27 15:51:56 PST
Created attachment 245488 [details]
Archive of layout-test-results from ews105 for mac-mavericks-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105  Port: mac-mavericks-wk2  Platform: Mac OS X 10.9.5
Comment 5 Build Bot 2015-01-27 16:25:51 PST
Comment on attachment 245482 [details]
Block mixed content XHR

Attachment 245482 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/5909659940552704

New failing tests:
http/tests/security/mixedContent/ssl/insecure-xhr-in-main-frame.html
http/tests/security/mixedContent/ssl/insecure-xhr-in-iframe.html
Comment 6 Build Bot 2015-01-27 16:25:54 PST
Created attachment 245490 [details]
Archive of layout-test-results from ews101 for mac-mavericks

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101  Port: mac-mavericks  Platform: Mac OS X 10.9.5
Comment 7 Michael Catanzaro 2015-03-06 15:05:32 PST
This is fixed by bug #142378. Also, I think my changes were not ideal anyway: see  bug #140625.