Skip to site navigation (Press enter)

[webkit-changes] [198436] trunk/Source/WebCore

jer . noble Fri, 18 Mar 2016 21:49:08 -0700

Title: [198436] trunk/Source/WebCore

Revision: 198436
Author: [email protected]
Date: 2016-03-18 12:04:58 -0700 (Fri, 18 Mar 2016)

Log Message

CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
https://bugs.webkit.org/show_bug.cgi?id=155588
<rdar://problem/25177795>


Reviewed by Daniel Bates.

The Mixed Content spec specifically allows (with certain restrictions) loads of <image>,
<video>, and <audio> resources from mixed-content origins, albeit with warnings.

No new tests, fixes existing test: http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html

* loader/cache/CachedResourceLoader.cpp:
(WebCore::contentTypeFromResourceType):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (198435 => 198436)


--- trunk/Source/WebCore/ChangeLog	2016-03-18 18:42:53 UTC (rev 198435)
+++ trunk/Source/WebCore/ChangeLog	2016-03-18 19:04:58 UTC (rev 198436)
@@ -1,3 +1,19 @@
+2016-03-18  Jer Noble  <[email protected]>
+
+        CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
+        https://bugs.webkit.org/show_bug.cgi?id=155588
+        <rdar://problem/25177795>
+
+        Reviewed by Daniel Bates.
+
+        The Mixed Content spec specifically allows (with certain restrictions) loads of <image>,
+        <video>, and <audio> resources from mixed-content origins, albeit with warnings.
+
+        No new tests, fixes existing test: http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html
+
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::contentTypeFromResourceType):
+
 2016-03-18  Nan Wang  <[email protected]>
 
         AX: AXARIACurrent exposed but not displayed in Accessibility Inspector

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (198435 => 198436)


--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2016-03-18 18:42:53 UTC (rev 198435)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2016-03-18 19:04:58 UTC (rev 198436)
@@ -288,7 +288,11 @@
 static MixedContentChecker::ContentType contentTypeFromResourceType(CachedResource::Type type)
 {
     switch (type) {
+    // https://w3c.github.io/webappsec-mixed-content/#category-optionally-blockable
+    // Editor's Draft, 11 February 2016
+    // 3.1. Optionally-blockable Content
     case CachedResource::ImageResource:
+    case CachedResource::MediaResource:
             return MixedContentChecker::ContentType::ActiveCanWarn;
 
     case CachedResource::CSSStyleSheet:
@@ -301,7 +305,6 @@
         return MixedContentChecker::ContentType::Active;
 #endif
 
-    case CachedResource::MediaResource:
     case CachedResource::RawResource:
     case CachedResource::SVGDocumentResource:
         return MixedContentChecker::ContentType::Active;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes