RESOLVED FIXED 35438
Expose an API for ports to add schemes to the mixed content whitelist
https://bugs.webkit.org/show_bug.cgi?id=35438
Summary Expose an API for ports to add schemes to the mixed content whitelist
Adam Barth
Reported 2010-02-26 10:45:19 PST
Chrome extensions cause "Some insecure content" on all secure pages
Attachments
Patch (3.64 KB, patch)
2010-02-26 10:47 PST, Adam Barth
no flags
Patch (5.68 KB, patch)
2010-02-26 15:17 PST, Adam Barth
no flags
Adam Barth
Comment 1 2010-02-26 10:47:19 PST
Darin Adler
Comment 2 2010-02-26 10:56:30 PST
Comment on attachment 49600 [details] Patch > +#if PLATFORM(CHROMIUM) > + secureSchemes.add("chrome-extension"); > +#endif Is this the right place to add this? Wouldn't this registration belong in Chromium code rather than in Chromium WebKit? I'd expect the same level that adds the extension mechanism would want to register the scheme so that other clients without the mechanism wouldn't have it registered.
Adam Barth
Comment 3 2010-02-26 13:11:32 PST
That was my original plan, but then I saw the following: http://trac.webkit.org/browser/trunk/WebCore/page/SecurityOrigin.cpp#L57 IMHO, we shouldn't have platform-specific ifdefs in either place.
Sam Weinig
Comment 4 2010-02-26 14:20:19 PST
(In reply to comment #3) > That was my original plan, but then I saw the following: > > http://trac.webkit.org/browser/trunk/WebCore/page/SecurityOrigin.cpp#L57 > > IMHO, we shouldn't have platform-specific ifdefs in either place. That could probably be turned into something we set at the WebKit layer. One difference is that applewebdata is a WebKit level thing (still admittedly a layering violation), the chrome-extensions are an Application layer thing.
Adam Barth
Comment 5 2010-02-26 14:22:34 PST
Comment on attachment 49600 [details] Patch Indeed. Will spin up a new patch once I finish up what I've currently got in my tree.
Sam Weinig
Comment 6 2010-02-26 14:23:39 PST
Comment on attachment 49600 [details] Patch I agree with Darin, the chrome application should register the scheme. Please file another bug about removing applewebdata from the local schemes list. r-.
Adam Barth
Comment 7 2010-02-26 15:17:17 PST
Adam Barth
Comment 8 2010-02-26 15:18:10 PST
+fishd for WEBKIT_API review.
WebKit Commit Bot
Comment 9 2010-02-26 19:20:27 PST
Comment on attachment 49655 [details] Patch Clearing flags on attachment: 49655 Committed r55335: <http://trac.webkit.org/changeset/55335>
WebKit Commit Bot
Comment 10 2010-02-26 19:20:32 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.