Add a chrome://flags item "allow-insecure-websocket-from-https-origin"

Add a chrome://flags item "allow-insecure-websocket-from-https-origin"

There're web apps served over HTTPS but are using insecure WebSockets.
To improve security, we're going to prohibit that, but should provide
an option to turn off the check until everyone finishes fixing their apps
to get ready for stopping use of insecure WebSockets from HTTPS origin.

The shield page action allows users to manually turn off mixed content
check, but for apps designed to open new windows frequently, this
workaround is too bothering.

So, we'll provide a chrome://flags item which turns off the mixed
content check (only for WebSocket). This flag is scheduled to go away
when everyone should be ready for accepting this security check.

This CL depends on this Blink side CL:
https://codereview.chromium.org/246893014/

BUG=85271
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=266309

[tyoshino (SeeGerritForStatus), 2014-04-23 06:56:53]

Blink side CL
https://codereview.chromium.org/246893014/

[yhirano, 2014-04-23 10:07:06]

[optional] I like RuntimeEnabledFeatures + WebRuntimeEnabledFeatures + command
line switch more than Settings + WebSettings + WebPreference because of the
simplicity.

[tyoshino (SeeGerritForStatus), 2014-04-23 12:48:49]

On 2014/04/23 10:07:06, yhirano wrote:
> [optional] I like RuntimeEnabledFeatures + WebRuntimeEnabledFeatures + command
> line switch more than Settings + WebSettings + WebPreference because of the
> simplicity.

Removed IPC stuff as you suggested. Re: RuntimeEnabledFeatures, it looks we can
just copy the flag value to the WebSettings in render_view_impl.cc.

[tyoshino (SeeGerritForStatus), 2014-04-23 12:57:00]

+jochen

[yhirano, 2014-04-23 13:05:59]

lgtm

[tyoshino (SeeGerritForStatus), 2014-04-23 13:09:22]

+palmer

[palmer, 2014-04-23 23:45:11]

LGTM

[jochen (gone - plz use gerrit), 2014-04-24 12:51:26]

lgtm i guess :-/

is there a bug on file to remove this again?

[tyoshino (SeeGerritForStatus), 2014-04-24 13:05:51]

On 2014/04/24 12:51:26, jochen wrote:
> lgtm i guess :-/
> 
> is there a bug on file to remove this again?

Ah, yes. crbug.com/366483. I've included a comment with this issue number in the
Blink side change in response to abarth@'s suggestion. I'll add this to Chromium
side change too.

[tyoshino (SeeGerritForStatus), 2014-04-25 03:45:25]

The CQ bit was checked by tyoshino@chromium.org

[commit-bot: I haz the power, 2014-04-25 03:45:57]

CQ is trying da patch. Follow status at
https://chromium-status.appspot.com/cq/tyoshino@chromium.org/248863003/40001

[commit-bot: I haz the power, 2014-04-25 08:29:49]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2014-04-25 08:29:49]

Try jobs failed on following builders:
  tryserver.chromium on chromium_presubmit
  tryserver.chromium on win_chromium_rel

[tyoshino (SeeGerritForStatus), 2014-04-25 17:56:14]

The CQ bit was checked by tyoshino@chromium.org

[commit-bot: I haz the power, 2014-04-25 21:50:31]

CQ is trying da patch. Follow status at
https://chromium-status.appspot.com/cq/tyoshino@chromium.org/248863003/40001

[commit-bot: I haz the power, 2014-04-26 00:47:59]

Change committed as 266309

[vladi.colton, 2015-05-26 12:43:28]

On 2014/04/26 00:47:59, I haz the power - commit-bot wrote:
> Change committed as 266309

Hi Guys,

I'm critically need the option (Allow insecure WebSocket from https origin) to
be available.
Can you please give a workaround? or maybe a version with this option.

Thanks a lot in advanced.

[tyoshino (SeeGerritForStatus), 2015-05-26 13:09:10]

On 2015/05/26 12:43:28, vladi.colton wrote:
> On 2014/04/26 00:47:59, I haz the power - commit-bot wrote:
> > Change committed as 266309
> 
> Hi Guys,
> 
> I'm critically need the option (Allow insecure WebSocket from https origin) to
> be available.
> Can you please give a workaround? or maybe a version with this option.
> 
> Thanks a lot in advanced.

Please see https://code.google.com/p/chromium/issues/detail?id=367149 for when
the option has been removed. M42 and prior have it. You can use
--allow-running-insecure-content. Please make sure that you understand the
security risk of the option.

[vladi.colton, 2015-05-27 05:42:45]

On 2015/05/26 13:09:10, tyoshino wrote:
> On 2015/05/26 12:43:28, vladi.colton wrote:
> > On 2014/04/26 00:47:59, I haz the power - commit-bot wrote:
> > > Change committed as 266309
> > 
> > Hi Guys,
> > 
> > I'm critically need the option (Allow insecure WebSocket from https origin)
to
> > be available.
> > Can you please give a workaround? or maybe a version with this option.
> > 
> > Thanks a lot in advanced.
> 
> Please see https://code.google.com/p/chromium/issues/detail?id=367149 for when
> the option has been removed. M42 and prior have it. You can use
> --allow-running-insecure-content. Please make sure that you understand the
> security risk of the option.

Thanks a lot,
Where can i find M42 version for Win OS?

[tyoshino (SeeGerritForStatus), 2015-05-27 06:37:56]

On 2015/05/27 05:42:45, vladi.colton wrote:
> Thanks a lot,
> Where can i find M42 version for Win OS?

Please take a look at my comments on http://crbug.com/367149