DescriptionAdd a chrome://flags item "allow-insecure-websocket-from-https-origin"
There're web apps served over HTTPS but are using insecure WebSockets.
To improve security, we're going to prohibit that, but should provide
an option to turn off the check until everyone finishes fixing their apps
to get ready for stopping use of insecure WebSockets from HTTPS origin.
The shield page action allows users to manually turn off mixed content
check, but for apps designed to open new windows frequently, this
workaround is too bothering.
So, we'll provide a chrome://flags item which turns off the mixed
content check (only for WebSocket). This flag is scheduled to go away
when everyone should be ready for accepting this security check.
This CL depends on this Blink side CL:
https://codereview.chromium.org/246893014/
BUG=85271
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=266309
Patch Set 1 #Patch Set 2 : Addressed #3 but without using RuntimeEnabledFeatures #Patch Set 3 : Addressed #9 #
Messages
Total messages: 21 (0 generated)
|