Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Fix displayed mixed content status #12743

Merged
merged 1 commit into from
Jan 22, 2018
Merged

Fix displayed mixed content status #12743

merged 1 commit into from
Jan 22, 2018

Conversation

diracdeltas
Copy link
Member

@diracdeltas diracdeltas commented Jan 20, 2018
edited
Loading

Fix #12742

Test Plan:

  1. test for 'shows partially-secure icon on a site with passive mixed content' should pass
  2. follow test plan from page security state for passive mixed content is incorrect #12742

Submitter Checklist:

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Ran git rebase -i to squash commits (if needed).
  • Tagged reviewers and labelled the pull request as needed.
  • Request a security/privacy review as needed. (Ask a Brave employee to help if you cannot access this document.)

Test Plan:

Reviewer Checklist:

  • Request a security/privacy review as needed if one was not already requested.

Tests

  • Adequate test coverage exists to prevent regressions
  • Tests should be independent and work correctly when run individually or as a suite ref
  • New files have MPL2 license header

@diracdeltas
Fix displayed mixed content status
6437850 
Fix #12742

Test Plan:
1. test for 'shows partially-secure icon on a site with passive mixed content' should pass
2. follow test plan from #12742
@diracdeltas diracdeltas added this to the 0.20.x (Beta Channel) milestone Jan 20, 2018
@diracdeltas diracdeltas self-assigned this Jan 20, 2018
@diracdeltas diracdeltas mentioned this pull request Jan 20, 2018
Merged
8 tasks
@diracdeltas
Copy link
Member Author

confirmed that the travis mixed content test fails on master (https://travis-ci.org/brave/browser-laptop/jobs/331029607#L6166) but passes with this PR

darkdh
darkdh reviewed Jan 22, 2018
View reviewed changes
app/renderer/components/frame/frame.js
// partially-secure connection. It can only downgrade a secure
// connection.
isSecure =
e.securityInfo.mixedContentStatus === 'content-status-displayed' && this.props.isSecure !== false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need to handle content-status-displayed-and-ran which indicates both passive and active mixed content?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

never mind, I forgot we default block that active mixed content scripts so it won't reach that case

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, i tried allowing insecure scripts on https://very.badssl.com/, but it only emitted content-status-displayed

darkdh
darkdh reviewed Jan 22, 2018
View reviewed changes
Copy link
Member

@darkdh darkdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++

app/renderer/components/frame/frame.js
// partially-secure connection. It can only downgrade a secure
// connection.
isSecure =
e.securityInfo.mixedContentStatus === 'content-status-displayed' && this.props.isSecure !== false
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

never mind, I forgot we default block that active mixed content scripts so it won't reach that case

@darkdh darkdh merged commit 46a236d into master Jan 22, 2018
darkdh added a commit that referenced this pull request Jan 22, 2018
@darkdh
Merge pull request #12743 from brave/fix/12742
b7748e6 
Fix displayed mixed content status
darkdh added a commit that referenced this pull request Jan 22, 2018
@darkdh
Merge pull request #12743 from brave/fix/12742
02c112d 
Fix displayed mixed content status
@darkdh
Copy link
Member

darkdh commented Jan 22, 2018

0.20.x b7748e6
0.21.x 02c112d

@diracdeltas diracdeltas deleted the fix/12742 branch January 22, 2018 20:35
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@darkdh darkdh darkdh approved these changes

Assignees

@diracdeltas diracdeltas

Labels
None yet
Projects
None yet
Milestone
0.20.x (Release Channel)
Development

Successfully merging this pull request may close these issues.
2 participants
@diracdeltas @darkdh