New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 629528 link

Starred by 2 users
Status: Assigned
Owner:
mkwst@chromium.org
Buried. Ping if important.
Cc:
mkwst@chromium.org
clamy@chromium.org
nasko@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug

Blocked on:
issue 576270


Sign in to add a comment

Evaluate moving the whole mixed content logic to the browser

Project Member Reported by carlosk@chromium.org, Jul 19 2016 
When  issue 576270  is concluded mixed content checks will be split between browser and renderer processes:
- The browser will take care of checking main resource loads (frame navigations).
- The renderer will check all remaining sub resource loads.

That will create a split and partial duplication of the mixed content checking code between Blink and content/ which is both a consistency risk and a maintenance burden. 

We should evaluate re-unifying this code and the direction that seems more promising right now is to fully move it to the browser.

This presents some issues for the case of sub resources. For instance it would at least add one IPC round trip to the browser per resource request for the check. Alternatively, if we should execute the check when the request arrives at the IO thread, it would require adding the so much avoided request-to-tree-node mapping.

Comment 1 by dtapu...@chromium.org, Jul 19 2016

Components: -Blink Blink>Loader

Comment 2 by nasko@chromium.org, Jul 19 2016 

It is not just a request-to-tree-node mapping, since you need information from that FrameTreeNode, such as the URL, the origin, possibly other pieces of data. All of that lives on the UI thread, so even if you could map from request to FrameTreeNode ID, you won't be able to get to the data without one of - thread hop, or duplicating the data to the IO thread. The thread hop is worse in my mind than checking for mixed content in the renderer process. Duplicating the data to the IO thread has race conditions that cannot be easily resolved.

Overall, it is very appealing to enforce all mixed content in the browser process, but I'm doubtful we can pull it off in a performant manner without races. Design docs welcome :).
Project Member

Comment 3 by sheriffbot@chromium.org, Jul 20 2017

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by japhet@chromium.org, Jul 25 2017

Labels: -Hotlist-Recharge-Cold
Owner: mkwst@chromium.org
Status: Assigned (was: Untriaged)
mkwst, I assume you're a logical owner for this? Feel free to punt on it, just trying to clear the triage queue :)

Sign in to add a comment