Bug 63145 - filesystem URLs shouldn't trigger mixed content warnings
Summary: filesystem URLs shouldn't trigger mixed content warnings
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 140625
  Show dependency treegraph
 
Reported: 2011-06-22 09:08 PDT by WebKit Review Bot
Modified: 2020-11-16 06:15 PST (History)
5 users (show)

See Also:


Attachments
Needs tests (3.52 KB, patch)
2011-06-22 10:03 PDT, Adam Barth
no flags Details | Formatted Diff | Diff
Another approach (still no tests) (728 bytes, patch)
2011-06-22 20:21 PDT, Adam Barth
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description WebKit Review Bot 2011-06-22 09:08:25 PDT
filesystem URLs shouldn't trigger mixed content warnings
Requested by abarth on #webkit.
Comment 1 Adam Barth 2011-06-22 10:03:14 PDT
Created attachment 98192 [details]
Needs tests
Comment 2 Adam Barth 2011-06-22 20:21:18 PDT
Created attachment 98307 [details]
Another approach (still no tests)
Comment 3 Adam Barth 2011-06-22 20:23:19 PDT
I think the second approach is better, but other folks might have opinions.
Comment 4 Adam Klein 2011-06-23 11:13:13 PDT
Agreed, the second seems more elegant (and those asserts should already be covered by layout tests as well; I'm pretty sure there's one for filesystem: anyway).
Comment 5 Adam Barth 2011-06-23 11:22:46 PDT
(In reply to comment #4)
> Agreed, the second seems more elegant (and those asserts should already be covered by layout tests as well; I'm pretty sure there's one for filesystem: anyway).

Ok.  I'll write a test and complete the patch.  I'm going to leave the ASSERTs there because they explain why it's safe to have those entries in that list.
Comment 6 Adam Barth 2011-10-13 16:13:29 PDT
I'm not actively working on this bug.  We had a larger discussion about how to treat these URLs globally in Chrome, which might inform what we do here.
Comment 7 Frédéric Wang (:fredw) 2020-11-16 06:15:29 PST
These are the relevant links in the current spec:

https://w3c.github.io/webappsec-mixed-content/#mixed-content
https://w3c.github.io/webappsec-mixed-content/#a-priori-authenticated-url
https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-url

> "Return the result of executing § 3.2 Is origin potentially trustworthy? on url’s origin."
> Note: The origin of blob: and filesystem: URLs is the origin of the context in which they were created. Therefore, blobs created in a trustworthy origin will themselves be potentially trustworthy.