Hi, I'm an intern with Igalia, working on adding active mixed content blocking in Epiphany. Background: WebKit already has a mixed content checker that allows browsers to decide whether they want to allow displaying passive mixed content or allow running active mixed content. All are allowed by default. For a good summary of what mixed content is, see [1] or [2]. (For Epiphany, I plan to block active mixed content and only display a warning icon for passive mixed content, since this is what major browsers do.)
I doubt we want to turn on mixed content blocking unconditionally, so we need some new API in WebKitGTK+ to allow browsers to configure this. I've implemented two obvious possibilities: Possibility 1: Just directly expose the existing internal preferences with WebKitSettings. WebKitSettings would gain two new properties, allow-display-of-insecure-content and allow-running-of-insecure-content, plus associated getters/setters. The disadvantage of Possibility 1 is that it's not a good parallel to webkit_web_context_[gs]et_tls_errors_policy(), and this would not allow browsers to override the policy on a per-page basis. For example, Firefox and Chromium both allow reloading the current page with insecure context enabled if you click an icon in the address bar. Possibility 2: Introduce a new enum, WebKitInsecureContentPolicy: WEBKIT_INSECURE_CONTENT_POLICY_ALLOW_ALL, WEBKIT_INSECURE_CONTENT_POLICY_ALLOW_DISPLAY, WEBKIT_INSECURE_CONTENT_POLICY_ALLOW_NONE (It's trivial to also add WEBKIT_INSECURE_CONTENT_POLICY_ALLOW_RUNNING, but no sane browser would want to block mixed passive content and not mixed active content, so I think we should just omit this.) I propose three associated functions: * webkit_web_context_[gs]et_insecure_content_policy(), * webkit_web_view_reload_with_insecure_content_policy() A browser could then set a default policy and also allow the user to change the policy for the current web page if content is blocked, which it can detect with the existing WebKitWebView::insecure-content-detected signal. We haven't decided if we want to do this in Epiphany, but since it's how other major browsers work I think WebKitGTK+ should make this easy regardless. Does this API seem good? If so, I will open a bug with a patch. There is one other minor problem: WebKit currently treats frames as passive content, since this is what Chromium originally did, but nowadays all major browsers treat frames as active content. Would it be permissible to change this in WebCore, so that the allow-running-insecure-content setting is checked to decide whether to block a frame, rather than the allow-display-of-insecure-content setting? I think no ports currently allow mixed content blocking (it was used by Chromium), so we probably have free reign to make changes here? Happy Tuesday, Michael Catanzaro [1] https://community.qualys.com/blogs/securitylabs/2014/03/19/https-mixed-content-still-the-easiest-way-to-break-ssl [2] https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/ _______________________________________________ webkit-gtk mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-gtk
