Re-block running insecure content #3808
Conversation
2. Re-block running insecure content when frame closed fix brave#3770 Auditors: @diracdeltas Test Plan: For re-block option: 1. Go to `https://mixed-script.badssl.com/` 2. Click urlIcon and click `Load Unsafe Scripts` 3. Background should be red 4. Click urlIcon and click `Stop Loading Unsafe Scripts` 5. Background should be grey For re-blocked on frame closed 1. Go to `https://mixed-script.badssl.com/` 2. Click urlIcon and click `Load Unsafe Scripts` 3. Background should be red 4. Close tab 5. Go to `https://mixed-script.badssl.com/` on new tab again 6. Background should be grey
| allowRunInsecureContent=Load Unsafe Scripts | ||
| dismissDenyRunInsecureContent=Stay Unsecure |
There was a problem hiding this comment.
Updated in 138692c. Thanks
… scope fix brave#3793 Auditors: @diracdeltas Test Plan: For regular frame: 1. Go to https://mixed-script.badssl.com 2. Click urlIcon and click Load Unsafe Scripts 3. Background should be red 4. Go to https://mixed-script.badssl.com by regular new tab 5. Background should be grey 6. Go to https://mixed-script.badssl.com by private new tab 7. Background should be grey For private frame: 1. Go to https://mixed-script.badssl.com by private tab 2. Click urlIcon and click Load Unsafe Scripts 3. Background should be red 4. Go to https://mixed-script.badssl.com by regular new tab 5. Background should be grey 6. Go to https://mixed-script.badssl.com by private new tab 7. Background should be grey
| ipc.emit(messages.SHORTCUT_ACTIVE_FRAME_LOAD_URL, {}, this.isBlockedRunInsecureContent) | ||
| this.props.onHide() | ||
| } | ||
| onDenyRunInsecureContent () { | ||
| appActions.removeSiteSetting(siteUtil.getOrigin(this.runInsecureContent), 'runInsecureContent') |
There was a problem hiding this comment.
should this have this.isPrivate as the last argument?
There was a problem hiding this comment.
ah, you are right. I forgot to add it.
|
the regular vs private profile code can be removed and is handled by brave/muon@b956fa5 |
|
I guess my comment above isn't completely accurate because we are still writing them to the app state. We need to fully migrate site settings to content settings to fix the problem completely. In the meantime I suggest that we disallow the setting in private tabs for now just like the others |
|
++, i think this feature should just be disabled in private tabs for now. AKA mixed content should always just be blocked in private tabs. sorry about that @darkdh |
|
@diracdeltas , feedback addressed in 7aded75 |
| } | ||
| onAllowRunInsecureContent () { | ||
| appActions.changeSiteSetting(siteUtil.getOrigin(this.isBlockedRunInsecureContent), 'runInsecureContent', true) | ||
| appActions.changeSiteSetting(siteUtil.getOrigin(this.isBlockedRunInsecureContent), | ||
| 'runInsecureContent', true, this.isPrivate) | ||
| ipc.emit(messages.SHORTCUT_ACTIVE_FRAME_LOAD_URL, {}, this.isBlockedRunInsecureContent) |
There was a problem hiding this comment.
the code above can also use this.location instead of this.isBlockedRunInsecureContent
There was a problem hiding this comment.
but that is more of a refactor issue so this looks good to merge now. :)
Auditors: @diracdeltas Test Plan: N/A
git rebase -ito squash commits (if needed).fix #3770, #3793
partially fix #3795 (only for runInsecureContent)
Auditors: @diracdeltas
Test Plan:
For re-block option:
https://mixed-script.badssl.com/Load Unsafe ScriptsStop Loading Unsafe ScriptsFor regular frame:
~~For private frame: