Bug
1826144 [wpt PR 39339] - Test mixed content check against a frame that is neither the top frame or the parent, a=testonly
Automatic update from web-platform-tests
Test mixed content check against a frame that is neither the top frame or the parent
It seems that the mixed content checker only checks the top and the
parent frame [1], as concerned raised in https://crbug.com/623486. I
thought we could reproduce it if we fetch HTTP in a data: iframe
embedded by a HTTPS iframe embedded by a HTTP top level frame because
neither the top or parent origin is trustworthy. However, the test
passes as-is because we actually check mixed content against the parent
frame's `security_origin->GetOriginOrPrecursorOriginIfOpaque()` [2]. In
this case, even though the innermost data URL has an opaque origin, its
precursor origin is still HTTPS and potentially trustworthy.
Regardless, I thought we could keep this test anyway.
[1] https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/loader/mixed_content_checker.cc;drc=
48340c1e35efad5fb0253025dcc36b3a9573e258;l=306,311
[2] https://source.chromium.org/chromium/chromium/src/+/refs/heads/main:third_party/blink/renderer/core/loader/mixed_content_checker.cc;l=272;drc=
563462e6dee3014de2f13db70d50cc3879c783d9
Bug: 623486
Change-Id: Ib038c79cf7b889837819072611faa6ab1fd1cec8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/
4388629
Commit-Queue: Jonathan Hao <phao@chromium.org>
Reviewed-by: Titouan Rigoudy <titouan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#
1126471}
--
wpt-commits:
6e77ff75dd1e4f9baa911935151bdbe83482e796
wpt-pr: 39339