Handle Mixed Content passthrough requests as per ServiceWorker spec |
||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 Steps to reproduce the problem: 1. Serve this website over HTTPS: index.html: ``` <img src="http://i.imgur.com/ztApnbv.jpg"> <script> navigator.serviceWorker.register('sw.js'); </script> ``` sw.js ``` self.addEventListener('fetch', ev => ev.respondWith(fetch(ev.request))); ``` 2. Go to hosted site, see the linked image being loaded 3. Refresh, see the linked image being blocked I have hosted this example here: https://f.surma.link/sw-passthrough/ What is the expected behavior? The image should still load, as stated by the SW spec: https://w3c.github.io/webappsec-mixed-content/#is-passthrough What went wrong? Mixed content is blocked when it is loaded through a service worker, even if it is passive content. Did this work before? No Chrome version: 50.0.2661.102 Channel: stable OS Version: OS X 10.11.4 Flash Version: Shockwave Flash 21.0 r0
,
May 24 2016
,
May 27 2016
surma@ is it ok to remove Restrict-View-Google? I see nothing secret here., and it looks like not a security bug (the bug is that we're being too restrictive). Tentatively assigning to horo@.
,
May 27 2016
Yes go ahead. Used my @google account by accident, actually.
,
May 27 2016
,
Jun 2 2016
,
Apr 4 2017
,
Nov 10 2017
,
Feb 18 2018
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by rsesek@chromium.org
, May 24 2016