Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

[WIP] Use Electron event to set urlbar security state #5501

Merged
merged 1 commit into from
Nov 9, 2016
Merged

[WIP] Use Electron event to set urlbar security state #5501

merged 1 commit into from
Nov 9, 2016

Conversation

diracdeltas
Copy link
Member

@diracdeltas diracdeltas commented Nov 9, 2016
edited
Loading

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Ran git rebase -i to squash commits (if needed).

Requires brave/muon#90
Fix #5238

Auditors: @bsclifton @darkdh

Test Plan:

  1. go to http://dev.ruby.sh/bpoc.html and it should not show up as secure

TODO: add automated test for the hackerone issue

diracdeltas
diracdeltas commented Nov 9, 2016
View reviewed changes
app/renderer/components/urlBarIcon.js
@@ -30,9 +30,8 @@ class UrlBarIcon extends ImmutableComponent {
*/
get isInsecure () {
return this.props.isHTTPPage &&
!this.props.isSecure &&
this.props.isSecure === false &&
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[note] if isSecure is null, we should show neither secure nor insecure

diracdeltas
diracdeltas commented Nov 9, 2016
View reviewed changes
app/renderer/components/urlBarIcon.js
!this.props.active &&
this.props.loading === false &&
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this was no longer needed because security state is set to null when the load starts

@diracdeltas
[WIP] Use Electron event to set urlbar security state
058865a 
Requires brave/muon#90
Fix #5238

Auditors: @bsclifton @darkdh

Test Plan:
1. go to http://dev.ruby.sh/bpoc.html and it should not show up as secure

TODO: add automated test for the hackerone issue
@diracdeltas
Copy link
Member Author

@darkdh this seems to cause a problem with https://mixed-script.badssl.com/ - the icon should show up as insecure after scripts are allowed but it still shows up as secure. seems like a timing issue

@darkdh
Copy link
Member

darkdh commented Nov 9, 2016

And this seems broken too
screen shot 2016-11-09 at 08 31 16

@bbondy
Copy link
Member

bbondy commented Nov 9, 2016

@darkdh did you try with the latest electron which is just updated right now? 1.4.24?

@bbondy
Copy link
Member

bbondy commented Nov 9, 2016

merging for preview-1 builds.

@bbondy bbondy merged commit bc97dd2 into master Nov 9, 2016
@darkdh
Copy link
Member

darkdh commented Nov 9, 2016

sorry my bad. It works fine with 1.4.24

@bsclifton bsclifton mentioned this pull request Nov 9, 2016
Closed
@diracdeltas diracdeltas mentioned this pull request Nov 9, 2016
Closed
2 tasks
This was referenced Nov 10, 2016
Closed
Closed
Closed
Closed
Closed
Closed
@luixxiul luixxiul mentioned this pull request Nov 14, 2016
Closed
@alexwykoff alexwykoff added this to the 0.12.9dev milestone Nov 15, 2016
@diracdeltas diracdeltas deleted the fix/security-state branch March 26, 2017 12:59
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@bsclifton bsclifton

@darkdh darkdh

Labels
feature/URLbar QA/checked-macOS
Projects
None yet
Milestone
0.12.9dev
Development

Successfully merging this pull request may close these issues.
6 participants
@diracdeltas @darkdh @bbondy @alexwykoff @luixxiul @bsclifton