Insecure content behavior on canary

20 views
Skip to first unread message

donaddon

unread,
May 24, 2013, 3:19:41 PM5/24/13
to chromium...@chromium.org
I noticed earlier in the week that canary builds were blocking javascript from running in an HTTP page that is in a frame in an HTTPS page (that is in a frame of a top-level HTTP page).  [blocked] insecure content

Oddly, I noticed that today it is not being blocked.  I suspect this is just a bug, I haven't nailed down the details.

But what I'd like to know is what is the plan?  The Stable channel release does not block this script from running, we just get a warning, not a [blocked] in the scenario where we have HTTP -> HTTPS -> HTTP.

I assume the intent is to block it, and that this new behavior will eventually be pushed to the Stable channel, is that correct?

Reply all
Reply to author
Forward
0 new messages