New issue
Advanced search Search tips

Issue 893647 link

Starred by 2 users
Status: Started
Owner:
carlosil@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 2
Type: Bug

Blocked on: View detail
issue 893683
issue 893738
issue 909798
issue 893649
issue 893684
issue 893685
issue 894513
issue 896865
issue 901403
Blocking:
issue 872446



Sign in to add a comment

Implement Mixed Content Autoupgrade experiment.

Project Member Reported by carlosil@chromium.org, Oct 9 
Implement the mixed content autoupgrade experiment.

Comment 1 by carlosil@chromium.org, Oct 9

Blockedon: 893649

Comment 2 by carlosil@chromium.org, Oct 9

Blockedon: 893683

Comment 3 by carlosil@chromium.org, Oct 9

Blockedon: 893684

Comment 4 by carlosil@chromium.org, Oct 9

Blockedon: 893685

Comment 5 by carlosil@chromium.org, Oct 9

Blockedon: -872446
Blocking: 872446

Comment 6 by carlosil@chromium.org, Oct 9

Blockedon: 893738

Comment 7 by carlosil@chromium.org, Oct 11

Components: Blink>SecurityFeature

Comment 8 by carlosil@chromium.org, Oct 11

Blockedon: 894513

Comment 9 by carlosil@chromium.org, Oct 18

Blockedon: 896865

Comment 10 by carlosil@chromium.org, Nov 2

Blockedon: 901403

Comment 11 by carlosil@chromium.org, Nov 28

Blockedon: 909798
Project Member

Comment 12 by bugdroid1@chromium.org, Jan 15 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/386065dc11ff8a2184fc5a1d772e342fd312736e

commit 386065dc11ff8a2184fc5a1d772e342fd312736e
Author: Hiroshige Hayashizaki <hiroshige@chromium.org>
Date: Tue Jan 15 05:32:03 2019

Use HttpsState in MixedContentChecker::ShouldAutoupgrade()

This CL replaces a call to ExecutionContext::Url() with
GetHttpsState(), in order to

1. Remove Url() calls during fetch for off-the-main-thread
   worker top-level script fetch (crbug.com/861564), and
2. Make auto-upgrade consistent with other parts of
   MixedContentChecker.
   After this CL, both mixed content check and auto upgrade
   are based on SecurityOrigin on Documents
   (Frame's SecurityContext's SecurityOrigin or
   Document's SecurityOrigin via Document::GetHttpsState()),
   and based on HttpsState on workers/worklets.

This changes the behavior of auto upgrade for requests from
blank <iframe>s and sandboxed <iframe>s, where
Document::Url()'s origin and Document::GetSecurityOrigin()
are different.

Bug: 861564, 893647
Change-Id: Ie793d8fb0f848d84ff9468663639ab480027d7b4
Reviewed-on: https://chromium-review.googlesource.com/c/1394371
Reviewed-by: Adam Rice <ricea@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622743}
[modify] https://crrev.com/386065dc11ff8a2184fc5a1d772e342fd312736e/third_party/blink/renderer/core/loader/frame_fetch_context_test.cc
[modify] https://crrev.com/386065dc11ff8a2184fc5a1d772e342fd312736e/third_party/blink/renderer/core/loader/frame_loader.cc
[modify] https://crrev.com/386065dc11ff8a2184fc5a1d772e342fd312736e/third_party/blink/renderer/core/loader/mixed_content_checker.cc
[modify] https://crrev.com/386065dc11ff8a2184fc5a1d772e342fd312736e/third_party/blink/renderer/core/loader/mixed_content_checker.h
[modify] https://crrev.com/386065dc11ff8a2184fc5a1d772e342fd312736e/third_party/blink/renderer/modules/websockets/dom_websocket.cc
[modify] https://crrev.com/386065dc11ff8a2184fc5a1d772e342fd312736e/third_party/blink/renderer/modules/websockets/dom_websocket_test.cc

Sign in to add a comment