commit | 130ee686fa00b617bfc001ceb3bb49782da2cb4e | [log] [tgz] |
---|---|---|
author | mkwst <mkwst@chromium.org> | Wed Jun 22 18:35:47 2016 |
committer | Commit bot <commit-bot@chromium.org> | Wed Jun 22 18:39:11 2016 |
tree | 105ebdbd91561c298f97d876a2b12d5609168c80 | |
parent | 2daffdccc85520a52ddfaaf8739b3d08517ff1a9 [diff] |
Stop blocking 'http://127.0.0.1/' as mixed content. Currently, mixed content checks block http://127.0.0.1 from loading in a page delivered over TLS. I'm (belatedly) coming around to the idea that that restriction does more harm than good. In particular, I'll note that folks are installing new trusted roots and self-signing certs for that IP address, exposing themselves to additional risk for minimal benefit. Helpful locally installed software is doing the same, with even more associated risk. This patch aligns our mixed content checks with the Secure Contexts notion of "potentially trustworthy", allowing 'http://127.0.0.1' accordingly. BUG=607878 R=estark@chromium.org,rsleevi@chromium.org Review-Url: https://codereview.chromium.org/1931063004 Cr-Commit-Position: refs/heads/master@{#401363}