From 30d555299c27066507ec9e05e53c14b4752180a2 Mon Sep 17 00:00:00 2001 From: Florian Scholz Date: Thu, 14 Nov 2024 14:14:24 +0100 Subject: [PATCH 1/3] Add Mixed content --- features/{draft/spec => }/mixed-content.yml | 8 +++++--- .../{draft/spec => }/mixed-content.yml.dist | 17 +++++++++++------ 2 files changed, 16 insertions(+), 9 deletions(-) rename features/{draft/spec => }/mixed-content.yml (64%) rename features/{draft/spec => }/mixed-content.yml.dist (87%) diff --git a/features/draft/spec/mixed-content.yml b/features/mixed-content.yml similarity index 64% rename from features/draft/spec/mixed-content.yml rename to features/mixed-content.yml index 4502594341d..5581079bc45 100644 --- a/features/draft/spec/mixed-content.yml +++ b/features/mixed-content.yml @@ -1,7 +1,9 @@ -draft_date: 2024-09-09 -name: Mixed Content -description: TODO +´name: Mixed content +description: Mixed content refers to securely loaded web pages (HTTPS) that use resources to be fetched via HTTP or another insecure protocol. spec: https://w3c.github.io/webappsec-mixed-content/ +group: security +status: + compute_from: http.mixed-content compat_features: - http.mixed-content - http.mixed-content.allow_file_urls diff --git a/features/draft/spec/mixed-content.yml.dist b/features/mixed-content.yml.dist similarity index 87% rename from features/draft/spec/mixed-content.yml.dist rename to features/mixed-content.yml.dist index c228bb87d55..82080b49012 100644 --- a/features/draft/spec/mixed-content.yml.dist +++ b/features/mixed-content.yml.dist @@ -2,14 +2,19 @@ # Do not edit this file by hand. Edit the source file instead! status: - baseline: false + baseline: high + baseline_low_date: 2020-01-15 + baseline_high_date: 2022-07-15 support: - chrome: "92" - chrome_android: "92" - edge: "92" - firefox: "127" - firefox_android: "127" + chrome: ≤79 + chrome_android: "79" + edge: "79" + firefox: ≤23 + firefox_android: "23" + safari: ≤9.1 + safari_ios: ≤9.3 compat_features: + # ⬇️ Same status as overall feature ⬇️ # baseline: high # baseline_low_date: 2020-01-15 # baseline_high_date: 2022-07-15 From 5f9e6cfe8553090b9d09db81f8e2eb7dcd32a354 Mon Sep 17 00:00:00 2001 From: Florian Scholz Date: Mon, 18 Nov 2024 12:36:14 +0100 Subject: [PATCH 2/3] Make it about 'Mixed content handling' --- features/mixed-content.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/mixed-content.yml b/features/mixed-content.yml index 5581079bc45..d5eed5a9af8 100644 --- a/features/mixed-content.yml +++ b/features/mixed-content.yml @@ -1,5 +1,5 @@ -´name: Mixed content -description: Mixed content refers to securely loaded web pages (HTTPS) that use resources to be fetched via HTTP or another insecure protocol. +´name: Mixed content handling +description: If a document is loaded over HTTPS and any of its resources are loaded over an insecure protocol, then depending on the resource type, the browser will either attempt to load the insecure resource over HTTPS or block it. spec: https://w3c.github.io/webappsec-mixed-content/ group: security status: From e17145613147214ad910d391df7bb3cb9f5fc9d9 Mon Sep 17 00:00:00 2001 From: Florian Scholz Date: Tue, 19 Nov 2024 11:47:15 +0100 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Daniel D. Beck --- features/mixed-content.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/mixed-content.yml b/features/mixed-content.yml index d5eed5a9af8..bdfbbfc92f1 100644 --- a/features/mixed-content.yml +++ b/features/mixed-content.yml @@ -1,5 +1,5 @@ -´name: Mixed content handling -description: If a document is loaded over HTTPS and any of its resources are loaded over an insecure protocol, then depending on the resource type, the browser will either attempt to load the insecure resource over HTTPS or block it. +name: Mixed content handling +description: When a document is loaded over HTTPS, browsers ensure that none of the document's resources are loaded over an insecure protocol. Instead, resources that the document attempts to load over an insecure protocol are either loaded over HTTPS or are blocked. spec: https://w3c.github.io/webappsec-mixed-content/ group: security status: