New issue
Advanced search Search tips

Issue 749114 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Shield Button is enabled while executing HTTP over HTTPS

Reported by ramkumar...@gmail.com, Jul 26 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36

Steps to reproduce the problem:
This issue occurs on Anthem version of Salesforce.  In salesforce (https://ind--isgfull.cs64.my.salesforce.com/) we have deployed custom console application (http://localhost:4040) to communicate with desktop application.  When user login into Salesforce, custom console application get executed and try to communicate to desktop application through local port 4040

What is the expected behavior?
Disable Shield button and load unsafe script

What went wrong?
In previous version of Chrome (version 51.0.2704.103) we disabled shield button using external command (--unsafely-treat-insecure-origin-as-secure=http://localhost:4040 --test-type --user-data-dir=) but in new version of Chrome (version 59.0.3071.115)not supporting external command.  So agent have to manually disable it.  Can you fix chrome version to support external command

Did this work before? Yes 51.0.2704.103

Chrome version: 59.0.3071.115  Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 26.0 r0

We need to disable Shield button automatically through external command
 
Labels: Needs-Milestone
Cc: est...@chromium.org
Components: Blink>SecurityFeature>SecureContexts
estark: Any thoughts?
Labels: TE-NeedsTriageFromMTV
As chrome-hyd team do not salesforce setup, could someone from MTV please look into this issue.
Adding 'TE-NeedsTriageFromMTV' label for further investigation.

Thanks.

Comment 4 by est...@chromium.org, Jul 28 2017

Labels: Needs-Feedback
I can't reproduce this issue; --unsafely-treat-insecure-origin-as-secure still seems to work. On 59.0.3071.115, if I run Chrome with --unsafely-treat-insecure-origin-as-secure=http://mixed-script.badssl.com, I can visit https://mixed-script.badssl.com and the script loads and runs without a shield as expected.

To the reporter, can you please provide more detailed instructions for reproducing the problem, ideally with a standalone test website that I can try as well? Thanks!
Let me try this and let you know on Monday
Project Member

Comment 6 by sheriffbot@chromium.org, Jul 28 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "estark@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by est...@chromium.org, Jul 28 2017

Labels: Needs-Feedback
Status: WontFix (was: Unconfirmed)
no feedback & cannot reproduce, so closing. Please reopen if this is still an issue with the additional feedback

Sign in to add a comment