WebView.securityStatus.securityLevel indicates everything is normal if a subresource certificate error is allowed for a resource from a different domain from the main document
Bug #1368385 reported by
Chris Coulson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Oxide |
Fix Released
|
Critical
|
Chris Coulson | ||
1.2 |
Fix Released
|
Critical
|
Chris Coulson |
Bug Description
I caught this whilst writing unit tests. If a secure site loads a resource from a different domain but that resource load comes with an invalid certificate, WebView.
It *does* work if the subresource is from the same domain as the main document, as that host is marked as having ran insecure content.
Changed in oxide: | |
importance: | Undecided → Critical |
status: | New → Triaged |
milestone: | none → branch-1.3 |
assignee: | nobody → Chris Coulson (chrisccoulson) |
description: | updated |
Changed in oxide: | |
status: | Triaged → In Progress |
To post a comment you must log in.
Fixed with http:// bazaar. launchpad. net/~oxide- developers/ oxide/oxide. trunk/revision/ 740
http:// bazaar. launchpad. net/~oxide- developers/ oxide/oxide. trunk/revision/ 739 is also needed for backporting to 1.2.