Index: third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
diff --git a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
index 5bb8e4b110de3aa72329dd3b5be382a5546d12ed..9f5c405b19b429bfbfdcc44b7c46ad467ea10989 100644 |
--- a/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
+++ b/third_party/WebKit/Source/core/loader/MixedContentChecker.cpp |
@@ -88,8 +88,13 @@ bool MixedContentChecker::isMixedContent(SecurityOrigin* securityOrigin, const K |
if (!SchemeRegistry::shouldTreatURLSchemeAsRestrictingMixedContent(securityOrigin->protocol())) |
return false; |
- // We're in a secure context, so |url| is mixed content if it's insecure. |
- return !SecurityOrigin::isSecure(url); |
+ // |url| is mixed content if its origin is not potentially trustworthy, and |
+ // its protocol is not 'data'. |
+ bool isAllowed = url.protocolIsData() || SecurityOrigin::create(url)->isPotentiallyTrustworthy(); |
+ // TODO(mkwst): Remove this once 'localhost' is no longer considered potentially trustworthy: |
+ if (isAllowed && url.protocolIs("http") && url.host() == "localhost") |
+ isAllowed = false; |
+ return !isAllowed; |
} |
// static |