-
Notifications
You must be signed in to change notification settings - Fork 973
Conversation
@@ -557,6 +558,8 @@ class Frame extends ImmutableComponent { | |||
this.webview.addEventListener('content-blocked', (e) => { | |||
if (e.details[0] === 'javascript') { | |||
windowActions.setBlockedBy(this.frame, 'noScript', e.details[1]) | |||
} else if (!this.allowRunningInsecureContent()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can now manage running and displaying insecure content through the displayInsecureContent
and runInsecureContent
content settings which will allow us to treat them like any other site settings. I know you already did a lot of work using the old method and I'm sorry I didn't catch this sooner, but setting these through the webview is problematic because it restarts the renderer process and will potentially break some sites. We had a small number of exceptions before, but if we're opening this up as a general setting we should transition to the contentSetting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for clarification. Changes has been made in 66dc10c.
8c6af21
to
66dc10c
Compare
@@ -123,6 +127,10 @@ const getContentSettingsFromSiteSettings = (appState) => { | |||
addContentSettings(contentSettings.javascript, hostPattern, '*', | |||
hostSetting.noScript ? 'block' : 'allow') | |||
} | |||
if (typeof hostSetting.allowActiveMixedContent === 'boolean') { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be better to name this setting runInsecureContext
. It's easier if we don't have to translate names across various parts of the app
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you're right. it will make the code more readable. addressed it in cecb967
can you add some tests for this? There is some inconsistent property naming that looks like it should be causing issues |
ea401ab
to
4888633
Compare
2. Change icon of http and mixed content to fa-unlock 3. Remove twitch out of site hack 4. Add test fix brave#3443 reuire brave/muon#47 Auditors: @bridiver Test Plan: Visit https://mixed-script.badssl.com/ and click the urlbar lock to temporarily allow run insecure content and the background color will be red.
just want to get @bradleyrichter @diracdeltas feedback on the popup. I think we should have something like "Insecure content has been blocked from running on this page. If you allow this content to run it will not be encrypted and it may transmit unencrypted data to other sites." button - "Run Insecure Content" |
Is it modal? If not, no need for the darkening. |
closed with 7078680 |
git rebase -i
to squash commits if needed.fix #3443
Detect blocked mixed content
After allowing mixed content
Pure http site