NEW 250418
Secure Contexts: Documents whose environment has a data: top-level creation URL are not considered a secure context.
https://bugs.webkit.org/show_bug.cgi?id=250418
Summary Secure Contexts: Documents whose environment has a data: top-level creation U...
Ryan Reno
Reported 2023-01-10 15:26:53 PST
data:text/html,<h1>Hello World!</h1> window.isSecureContext returns false. My reading of https://html.spec.whatwg.org/multipage/webappapis.html#secure-contexts says we should get a result of "Potentially Trustworthy" which should imply a secure context (step 2 of the linked algorithm).
Attachments
Radar WebKit Bug Importer
Comment 1 2023-01-10 15:27:04 PST
Ryan Reno
Comment 2 2023-01-10 16:18:04 PST
We are intentionally treating data URLs as opaque origins. https://bugs.webkit.org/show_bug.cgi?id=11885
Ryan Reno
Comment 3 2023-01-11 18:05:57 PST
Note You need to log in before you can comment on or make changes to this bug.