ubuntu-webapps-bugs team mailing list archive

[Chris Coulson <chris.coulson@xxxxxxxxxxxxx>]

Fixed with http://bazaar.launchpad.net/~oxide-
developers/oxide/oxide.trunk/revision/740

http://bazaar.launchpad.net/~oxide-
developers/oxide/oxide.trunk/revision/739 is also needed for backporting
to 1.2.

** Changed in: oxide
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1368385

Title:
  WebView.securityStatus.securityLevel indicates everything is normal if
  a subresource certificate error is allowed for a resource from  a
  different domain from the main document

Status in Oxide Webview:
  Fix Released
Status in Oxide 1.2 series:
  Triaged

Bug description:
  I caught this whilst writing unit tests. If a secure site loads a
  resource from a different domain but that resource load comes with an
  invalid certificate, WebView.onCertificateError will fire with the
  isSubresource property set to true. If the application then allow's
  this, WebView.securityStatus.securityLevel does not indicate a
  degraded security level as expected.

  It *does* work if the subresource is from the same domain as the main
  document, as that host is marked as having ran insecure content.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1368385/+subscriptions