| commit | ada9c7e93499993cce771268fa8661cb3dd5a8ed | |
| author | Jonathan Hao <phao@chromium.org> | |
| Thu, 13 Apr 2023 04:32:00 +0000 (13 04:32 +0000) | ||
| committer | moz-wptsync-bot <wptsync@mozilla.com> | |
| Fri, 14 Apr 2023 11:15:55 +0000 (14 11:15 +0000) | ||
| tree | 09cdf9c99dea8b87b0706eceb990a6788266c14b | treesnapshot (tar.gz zip) |
| parent | a4733b2c34b5e305e3f30d99806ec770e506bbb5 | commitdiff |
Bug 1826144 [wpt PR 39339] - Test mixed content check against a frame that is neither the top frame or the parent, a=testonly
Automatic update from web-platform-tests
Test mixed content check against a frame that is neither the top frame or the parent
It seems that the mixed content checker only checks the top and the
parent frame [1], as concerned raised in https://crbug.com/623486. I
thought we could reproduce it if we fetch HTTP in a data: iframe
embedded by a HTTPS iframe embedded by a HTTP top level frame because
neither the top or parent origin is trustworthy. However, the test
passes as-is because we actually check mixed content against the parent
frame's `security_origin->GetOriginOrPrecursorOriginIfOpaque()` [2]. In
this case, even though the innermost data URL has an opaque origin, its
precursor origin is still HTTPS and potentially trustworthy.
Regardless, I thought we could keep this test anyway.
[1] https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/loader/mixed_content_checker.cc;drc=48340c1e35efad5fb0253025dcc36b3a9573e258;l=306,311
[2] https://source.chromium.org/chromium/chromium/src/+/refs/heads/main:third_party/blink/renderer/core/loader/mixed_content_checker.cc;l=272;drc=563462e6dee3014de2f13db70d50cc3879c783d9
Bug: 623486
Change-Id: Ib038c79cf7b889837819072611faa6ab1fd1cec8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4388629
Commit-Queue: Jonathan Hao <phao@chromium.org>
Reviewed-by: Titouan Rigoudy <titouan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1126471}
--
wpt-commits: 6e77ff75dd1e4f9baa911935151bdbe83482e796
wpt-pr: 39339
Automatic update from web-platform-tests
Test mixed content check against a frame that is neither the top frame or the parent
It seems that the mixed content checker only checks the top and the
parent frame [1], as concerned raised in https://crbug.com/623486. I
thought we could reproduce it if we fetch HTTP in a data: iframe
embedded by a HTTPS iframe embedded by a HTTP top level frame because
neither the top or parent origin is trustworthy. However, the test
passes as-is because we actually check mixed content against the parent
frame's `security_origin->GetOriginOrPrecursorOriginIfOpaque()` [2]. In
this case, even though the innermost data URL has an opaque origin, its
precursor origin is still HTTPS and potentially trustworthy.
Regardless, I thought we could keep this test anyway.
[1] https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/loader/mixed_content_checker.cc;drc=48340c1e35efad5fb0253025dcc36b3a9573e258;l=306,311
[2] https://source.chromium.org/chromium/chromium/src/+/refs/heads/main:third_party/blink/renderer/core/loader/mixed_content_checker.cc;l=272;drc=563462e6dee3014de2f13db70d50cc3879c783d9
Bug: 623486
Change-Id: Ib038c79cf7b889837819072611faa6ab1fd1cec8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4388629
Commit-Queue: Jonathan Hao <phao@chromium.org>
Reviewed-by: Titouan Rigoudy <titouan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1126471}
--
wpt-commits: 6e77ff75dd1e4f9baa911935151bdbe83482e796
wpt-pr: 39339
| testing/web-platform/tests/mixed-content/nested-iframes.window.js | [new file with mode: 0644] | blob |
| testing/web-platform/tests/mixed-content/resources/middle-frame.html | [new file with mode: 0644] | blob |