ubuntu-webapps-bugs team mailing list archive

Thread
Date

[Bug 1387728] Re: [regression] securityStatus.securityLevel isn’t updated when loading insecure content over a secure connection in the 1.3 branch

To: ubuntu-webapps-bugs@xxxxxxxxxxxxxxxxxxx
From: Chris Coulson <chris.coulson@xxxxxxxxxxxxx>
Date: Fri, 31 Oct 2014 16:12:03 -0000
Reply-to: Bug 1387728 <1387728@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: oxide
       Status: New => Invalid

** Changed in: oxide/1.3
       Status: New => Triaged

** Changed in: oxide/1.3
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1387728

Title:
  [regression] securityStatus.securityLevel isn’t updated when loading
  insecure content over a secure connection in the 1.3 branch

Status in Oxide Webview:
  Invalid
Status in Oxide 1.3 series:
  Triaged

Bug description:
  I’m testing the 1.3 branch (version 1.3.2 currently in the phablet-
  team PPA), and while going through the webbrowser-app test plan at
  https://wiki.ubuntu.com/Process/Merges/TestPlan/webbrowser-app, I
  found a regression, for this particular test case:

  « Browse to https://m.7digital.com/GB/releases/1530991 , verify that
  you get a padlock icon that ensures that the connection is secure. Now
  tap on the play button of one of the tracks, and verify that a warning
  icon appears next to the padlock icon to signify that insecure content
  was loaded over a secure connection. »

  This works fine with oxide 1.2.4, but with 1.3.2 I’m not seeing the
  warning icon appear when playing a song any longer. It appears
  WebView.securityStatus.securityLevel isn’t updated.

  I’ve built the latest trunk (revision 820) and the regression appears
  to be fixed there.

  The issue can easily be observed with the following example:

      import QtQuick 2.0
      import com.canonical.Oxide 1.0

      WebView {
          id: webview

          url: "https://m.7digital.com/GB/releases/1530991";

          Connections {
              target: webview.securityStatus
              onSecurityLevelChanged: console.log("security level changed:", webview.securityStatus.securityLevel)
          }
      }

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1387728/+subscriptions

References

[Bug 1387728] [NEW] [regression] securityStatus.securityLevel isn’t updated when loading insecure content over a secure connection in the 1.3 branch
From: Olivier Tilloy, 2014-10-30