WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
35438
Expose an API for ports to add schemes to the mixed content whitelist
https://bugs.webkit.org/show_bug.cgi?id=35438
Summary
Expose an API for ports to add schemes to the mixed content whitelist
Adam Barth
Reported
2010-02-26 10:45:19 PST
Chrome extensions cause "Some insecure content" on all secure pages
Attachments
Patch
(3.64 KB, patch)
2010-02-26 10:47 PST
,
Adam Barth
no flags
Details
Formatted Diff
Diff
Patch
(5.68 KB, patch)
2010-02-26 15:17 PST
,
Adam Barth
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Adam Barth
Comment 1
2010-02-26 10:47:19 PST
Created
attachment 49600
[details]
Patch
Darin Adler
Comment 2
2010-02-26 10:56:30 PST
Comment on
attachment 49600
[details]
Patch
> +#if PLATFORM(CHROMIUM) > + secureSchemes.add("chrome-extension"); > +#endif
Is this the right place to add this? Wouldn't this registration belong in Chromium code rather than in Chromium WebKit? I'd expect the same level that adds the extension mechanism would want to register the scheme so that other clients without the mechanism wouldn't have it registered.
Adam Barth
Comment 3
2010-02-26 13:11:32 PST
That was my original plan, but then I saw the following:
http://trac.webkit.org/browser/trunk/WebCore/page/SecurityOrigin.cpp#L57
IMHO, we shouldn't have platform-specific ifdefs in either place.
Sam Weinig
Comment 4
2010-02-26 14:20:19 PST
(In reply to
comment #3
)
> That was my original plan, but then I saw the following: > >
http://trac.webkit.org/browser/trunk/WebCore/page/SecurityOrigin.cpp#L57
> > IMHO, we shouldn't have platform-specific ifdefs in either place.
That could probably be turned into something we set at the WebKit layer. One difference is that applewebdata is a WebKit level thing (still admittedly a layering violation), the chrome-extensions are an Application layer thing.
Adam Barth
Comment 5
2010-02-26 14:22:34 PST
Comment on
attachment 49600
[details]
Patch Indeed. Will spin up a new patch once I finish up what I've currently got in my tree.
Sam Weinig
Comment 6
2010-02-26 14:23:39 PST
Comment on
attachment 49600
[details]
Patch I agree with Darin, the chrome application should register the scheme. Please file another bug about removing applewebdata from the local schemes list. r-.
Adam Barth
Comment 7
2010-02-26 15:17:17 PST
Created
attachment 49655
[details]
Patch
Adam Barth
Comment 8
2010-02-26 15:18:10 PST
+fishd for WEBKIT_API review.
WebKit Commit Bot
Comment 9
2010-02-26 19:20:27 PST
Comment on
attachment 49655
[details]
Patch Clearing flags on attachment: 49655 Committed
r55335
: <
http://trac.webkit.org/changeset/55335
>
WebKit Commit Bot
Comment 10
2010-02-26 19:20:32 PST
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug