From https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url :
a priori authenticated URL
We know a priori that a request to a particular URL (url) will be delivered in a way that mitigates the risks of interception and modifications if either of the following statements is true:
url is a potentially trustworthy URL [SECURE-CONTEXTS].
url’s scheme is "data".
Note: We special case data URLs here, as we don’t consider them particularly trustworthy, but we also don’t wish to block them as mixed content, as they never hit the network.
We need to do more work for "potentially trustworthy", including bug 218623 and bug 218627.
This bug is about the case when the scheme is "data".
Created attachment 414218 [details]
Created attachment 414221 [details]
218623+218627+218977 for EWS
This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess