desktop-pwas: Adding a site with mixed content to shelf creates a PWA
Issue description

Chrome Version: (copy from chrome://version)
OS: (e.g. Win7, OSX 10.9.5, etc...)

What steps will reproduce the problem?
(1) Navigate to a PWA with mixed content e.g. https://marsh-band.glitch.me
(2) Click the three dot menu and choose "Add to shelf". (The "Add to shelf" string means we didn't consider the site to be a proper PWA.)

What's expected?
A shortcut installation dialog is shown and a shortcut is added to the shelf.

What happens instead?
A PWA installation dialog is shown and a PWA is installed. Furthermore, we move the current tab to the PWA window where it loses its security indicator.

It seems that whatever decides which string to show in the three dot menu is properly checking that the current site is secure enough, but the installation process triggered by the menu option is not checking that the site is secure enough.

Apr 5 2018
We had this problem previously on mobile. The problem is that BookmarkAppHelper::Create does not ask InstallableManager to verify that the site is served over SSL. It's a trivial fix.

Apr 5 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2e0cad3866ae8afcd1f8c02bc7116cdb12244135

commit 2e0cad3866ae8afcd1f8c02bc7116cdb12244135
Author: Dominick Ng <dominickn@chromium.org>
Date: Thu Apr 05 10:41:19 2018

Ensure that desktop PWAs cannot have mixed content.

This CL ensures that desktop PWAs have their full SSL status checked by the BookmarkAppHelper prior to creating the installation prompt. Previously, PWAs with mixed content would be considered installable.

BUG= 829209
Change-Id: I343298e8d7f41af513721b08671df4f206259d76
Reviewed-on: https://chromium-review.googlesource.com/997037
Commit-Queue: Dominick Ng <dominickn@chromium.org>
Reviewed-by: Matt Giuca <mgiuca@chromium.org>
Cr-Commit-Position: refs/heads/master@{#548381}

[modify] https://crrev.com/2e0cad3866ae8afcd1f8c02bc7116cdb12244135/chrome/browser/extensions/bookmark_app_helper.cc
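
An added example, not Chromium's code and not part of the original thread: a simplified C++ model of the mismatch reported above, where the menu path runs the full security check but the install path does not. All type and function names are hypothetical, and the shape of the pre-fix install path (manifest and service worker checked, security status not) is an assumption of this example.

```cpp
// Simplified model for illustration; not Chromium source. All names are hypothetical.
#include <cstdio>

struct Site {
  bool https = false;              // top-level page served over HTTPS
  bool cert_error = false;         // certificate error on the main resource
  bool mixed_content = false;      // insecure subresources on a secure page
  bool valid_manifest = false;
  bool service_worker = false;
};

enum class InstallKind { kShortcut, kPwa };

// Full SSL status: HTTPS alone is not enough, mixed content disqualifies the page.
bool IsSecureForInstall(const Site& s) {
  return s.https && !s.cert_error && !s.mixed_content;
}

// Menu path: decides which string to show; already ran the full check.
InstallKind MenuOffer(const Site& s) {
  return (IsSecureForInstall(s) && s.valid_manifest && s.service_worker)
             ? InstallKind::kPwa : InstallKind::kShortcut;
}

// Install path before the fix (assumed shape): security status is never consulted.
InstallKind InstallBeforeFix(const Site& s) {
  return (s.valid_manifest && s.service_worker) ? InstallKind::kPwa
                                                : InstallKind::kShortcut;
}

// Install path after the fix: same predicate as the menu, so the two cannot diverge.
InstallKind InstallAfterFix(const Site& s) { return MenuOffer(s); }

// Constructed sample: HTTPS site with manifest and worker, but mixed content.
Site MixedContentSite() {
  Site s;
  s.https = true; s.mixed_content = true;
  s.valid_manifest = true; s.service_worker = true;
  return s;
}

int main() {
  Site s = MixedContentSite();
  std::printf("menu=%d before=%d after=%d\n", static_cast<int>(MenuOffer(s)),
              static_cast<int>(InstallBeforeFix(s)),
              static_cast<int>(InstallAfterFix(s)));
  return 0;
}
```

Routing the action through the same predicate as the menu label is what keeps a "shortcut" offer from turning into a PWA install that drops the security indicator.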

Apr 6 2018
Tested this issue on Windows 10 and Mac OS 10.12.6 on the build without fix 67.0.3389.0 and the latest Canary 67.0.3390.0 on which the fix was landed.

1. Launched Chrome and navigated to the above given link.
2. Clicked on the Chrome 3 dot menu -> More Tools -> Create shortcut.
3. The shortcut is added to the desktop.
4. On clicking on the desktop shortcut, the page is loaded.

Attached is the screen cast of the steps followed. Request you to check and confirm if anything is missed from our end in triaging the issue. Also request you to provide the exact steps to reproduce the issue.

Thanks.

Apr 11 2018
Comment 1 by ortuno@chromium.org, Apr 5 2018