"about" shouldn't be considered a secure scheme |
|
Issue descriptionCurrently it's listed in kSecureSchemes in url_util.cc. However, about:blank pages can be opened by any origin, and do not define a secure context. We should consider removing it from the list. This is currently causing problems with HTTP Bad implementation which displays a "not secure" chip for forms on insecure pages. Also see bug 684231 (Remove data urls from secure origins). |
|
►
Sign in to add a comment |
|
Comment 1 by mea...@chromium.org
, Mar 7 2017