Bug 142412 - [GTK] Allow mixed content when the TLS connection is unauthenticated
Summary: [GTK] Allow mixed content when the TLS connection is unauthenticated
Status: RESOLVED WONTFIX
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 140625
  Show dependency treegraph
 
Reported: 2015-03-06 14:40 PST by Michael Catanzaro
Modified: 2015-11-10 17:25 PST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2015-03-06 14:40:28 PST 
Another difference between our behavior and http://w3c.github.io/webappsec/specs/mixedcontent/

If the TLS connection is unauthenticated, there is no point in blocking mixed content. This will result in a confusing situation for browser UIs (are they supposed to display both a shield and a broken lock? but there is no point in having a shield to "protect" you from mixed content on an unauthenticated connection!), so we really should allow it in this case.

This will likely need to be implemented separately for each port, but other ports very probably want this too.
Comment 1 Michael Catanzaro 2015-11-10 17:25:51 PST 
This was a dumb idea.