Implement HTML5's concept of 'HTTPS state' for Window objects
Categories
(Core :: DOM: Core & HTML, task, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox45 | --- | affected |
People
(Reporter: jwatt, Unassigned, NeedInfo)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 8 obsolete files)
(deleted),
patch
|
bzbarsky
:
feedback+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
Details | Diff | Splinter Review |
Reporter | ||
Comment 1•9 years ago
|
||
Comment 2•9 years ago
|
||
Reporter | ||
Comment 3•9 years ago
|
||
Comment 4•9 years ago
|
||
Reporter | ||
Comment 5•9 years ago
|
||
Comment 6•9 years ago
|
||
Reporter | ||
Comment 7•9 years ago
|
||
Comment 8•9 years ago
|
||
Reporter | ||
Comment 9•9 years ago
|
||
Comment 10•9 years ago
|
||
Comment 11•9 years ago
|
||
Comment 12•9 years ago
|
||
Reporter | ||
Comment 13•9 years ago
|
||
Comment 14•9 years ago
|
||
Reporter | ||
Comment 15•9 years ago
|
||
Reporter | ||
Updated•9 years ago
|
Reporter | ||
Comment 16•9 years ago
|
||
Reporter | ||
Comment 17•9 years ago
|
||
Reporter | ||
Comment 18•9 years ago
|
||
Comment 19•9 years ago
|
||
Reporter | ||
Comment 20•9 years ago
|
||
Reporter | ||
Comment 21•9 years ago
|
||
Comment 22•9 years ago
|
||
Reporter | ||
Updated•9 years ago
|
Reporter | ||
Comment 23•9 years ago
|
||
Reporter | ||
Comment 24•9 years ago
|
||
Comment 25•9 years ago
|
||
Reporter | ||
Comment 27•9 years ago
|
||
Comment 28•9 years ago
|
||
Comment 30•9 years ago
|
||
Comment 32•9 years ago
|
||
Reporter | ||
Comment 34•9 years ago
|
||
Reporter | ||
Comment 35•9 years ago
|
||
Reporter | ||
Comment 36•9 years ago
|
||
Comment 37•9 years ago
|
||
Reporter | ||
Comment 38•9 years ago
|
||
Comment 39•9 years ago
|
||
Reporter | ||
Comment 40•9 years ago
|
||
Comment 41•9 years ago
|
||
Comment 43•9 years ago
|
||
Reporter | ||
Comment 44•9 years ago
|
||
Reporter | ||
Comment 45•9 years ago
|
||
Reporter | ||
Comment 46•9 years ago
|
||
Comment 47•9 years ago
|
||
Updated•9 years ago
|
Reporter | ||
Comment 48•9 years ago
|
||
Reporter | ||
Comment 49•9 years ago
|
||
Reporter | ||
Comment 50•9 years ago
|
||
Reporter | ||
Comment 51•9 years ago
|
||
Comment 52•9 years ago
|
||
Reporter | ||
Comment 53•9 years ago
|
||
Reporter | ||
Updated•9 years ago
|
Reporter | ||
Updated•9 years ago
|
Comment 54•9 years ago
|
||
Reporter | ||
Comment 55•9 years ago
|
||
Reporter | ||
Comment 56•7 years ago
|
||
Updated•6 years ago
|
Assignee | ||
Updated•6 years ago
|
Comment 57•4 years ago
|
||
It's a bit hard for me to evaluate whether this is still relevant now that the HTTPS state concept is gone.
jwatt, how did we implement this so far, just rely on the URL's scheme? If so, we can probably close this as WONTFIX.
See https://html.spec.whatwg.org/#secure-contexts for the latest secure context definition.
Updated•4 years ago
|
Reporter | ||
Comment 58•3 years ago
|
||
(In reply to Anne (:annevk) from comment #57)
See https://html.spec.whatwg.org/#secure-contexts for the latest secure context definition.
That seems to significantly relax the conditions for whether something is a secure context since I originally implemented secure contexts in bug 1177957. Presumably that's intentional? Are we still covering the threat models, particularly the "Ancestral Risk"?
jwatt, how did we implement this so far, just rely on the URL's scheme? If so, we can probably close this as WONTFIX.
No, it's a fair bit more complicated than that, based on the spec at the time. There are some specific cases that we special case but in general the decision is made by nsGlobalWindowOuter::ComputeIsSecureContext.
Reporter | ||
Updated•3 years ago
|
Comment 59•3 years ago
|
||
Yeah, ancestors should still be covered due to Mixed Content blocking.
Updated•2 years ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Description
•