-
Notifications
You must be signed in to change notification settings - Fork 975
Conversation
2. Re-block running insecure content when frame closed fix brave#3770 Auditors: @diracdeltas Test Plan: For re-block option: 1. Go to `https://mixed-script.badssl.com/` 2. Click urlIcon and click `Load Unsafe Scripts` 3. Background should be red 4. Click urlIcon and click `Stop Loading Unsafe Scripts` 5. Background should be grey For re-blocked on frame closed 1. Go to `https://mixed-script.badssl.com/` 2. Click urlIcon and click `Load Unsafe Scripts` 3. Background should be red 4. Close tab 5. Go to `https://mixed-script.badssl.com/` on new tab again 6. Background should be grey
allowRunInsecureContent=Load Unsafe Scripts | ||
dismissDenyRunInsecureContent=Stay Unsecure |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/Unsecure/Insecure
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated in 138692c. Thanks
… scope fix brave#3793 Auditors: @diracdeltas Test Plan: For regular frame: 1. Go to https://mixed-script.badssl.com 2. Click urlIcon and click Load Unsafe Scripts 3. Background should be red 4. Go to https://mixed-script.badssl.com by regular new tab 5. Background should be grey 6. Go to https://mixed-script.badssl.com by private new tab 7. Background should be grey For private frame: 1. Go to https://mixed-script.badssl.com by private tab 2. Click urlIcon and click Load Unsafe Scripts 3. Background should be red 4. Go to https://mixed-script.badssl.com by regular new tab 5. Background should be grey 6. Go to https://mixed-script.badssl.com by private new tab 7. Background should be grey
ipc.emit(messages.SHORTCUT_ACTIVE_FRAME_LOAD_URL, {}, this.isBlockedRunInsecureContent) | ||
this.props.onHide() | ||
} | ||
onDenyRunInsecureContent () { | ||
appActions.removeSiteSetting(siteUtil.getOrigin(this.runInsecureContent), 'runInsecureContent') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this have this.isPrivate
as the last argument?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, you are right. I forgot to add it.
the regular vs private profile code can be removed and is handled by brave/muon@b956fa5 |
I guess my comment above isn't completely accurate because we are still writing them to the app state. We need to fully migrate site settings to content settings to fix the problem completely. In the meantime I suggest that we disallow the setting in private tabs for now just like the others |
++, i think this feature should just be disabled in private tabs for now. AKA mixed content should always just be blocked in private tabs. sorry about that @darkdh |
@diracdeltas , feedback addressed in 7aded75 |
} | ||
onAllowRunInsecureContent () { | ||
appActions.changeSiteSetting(siteUtil.getOrigin(this.isBlockedRunInsecureContent), 'runInsecureContent', true) | ||
appActions.changeSiteSetting(siteUtil.getOrigin(this.isBlockedRunInsecureContent), | ||
'runInsecureContent', true, this.isPrivate) | ||
ipc.emit(messages.SHORTCUT_ACTIVE_FRAME_LOAD_URL, {}, this.isBlockedRunInsecureContent) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the code above can also use this.location
instead of this.isBlockedRunInsecureContent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but that is more of a refactor issue so this looks good to merge now. :)
Auditors: @diracdeltas Test Plan: N/A
git rebase -i
to squash commits (if needed).fix #3770, #3793
partially fix #3795 (only for runInsecureContent)
Auditors: @diracdeltas
Test Plan:
For re-block option:
https://mixed-script.badssl.com/
Load Unsafe Scripts
Stop Loading Unsafe Scripts
For regular frame:
~~For private frame: