258711 – make-https rule doesn't cause hasOnlySecureContent to be true

NEW 258711

make-https rule doesn't cause hasOnlySecureContent to be true

https://bugs.webkit.org/show_bug.cgi?id=258711

Summary make-https rule doesn't cause hasOnlySecureContent to be true

meacer

Reported 2023-06-29 22:32:42 PDT

If a content blocking rule with `make-https` upgrades a subresource from http:// to https://, webkit still reports `hasOnlySecureContent=false` even if the page never loads any http:// resource. Here is a sample app (the whole repo should be buildable): https://github.com/meacer/swift-ios-wkwebview-demo-make-https/blob/master/wkwebview/ViewController.swift In this app, line 63 will print `hasOnlySecureContent: false` even though the image subresource is loaded over https. (We recently implemented mixed content upgrading in Chromium on iOS using a make-https content rule, and this bug is preventing us from showing the correct page security state in the omnibox.)

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2023-07-06 22:33:17 PDT

<rdar://problem/111889557>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Safari 17

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2023-06-29 22:32 PDT

Modified

2023-07-06 22:33 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks