DescriptionApply strict blocking of active mixed content in HTTPS subframes only
As of https://codereview.chromium.org/1392993002, we started strictly
blocking active mixed content loading inside subframes. However, this
turned out to break a lot of sites. Many of the broken sites are secure
sites framing insecure sites which load insecure subresources, and those
insecure subresources are strictly blocked because they are considered
mixed with respect to the top-level frame. The strict blocking doesn't
add a lot of security benefit in this situation, so this CL only applies
the strict iframe-subresource blocking when the subresource is mixed
with respect to the frame that loads it.
BUG=582603
Committed: https://crrev.com/f9aced4a99289d153e4536affaa36618bb23dbd8
Cr-Commit-Position: refs/heads/master@{#377921}
Patch Set 1 #
Total comments: 2
Messages
Total messages: 11 (3 generated)
|