Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: do not flag blob urls as insecure #2330

Merged
merged 2 commits into from
May 22, 2017
Merged

fix: do not flag blob urls as insecure #2330

merged 2 commits into from
May 22, 2017

Conversation

patrickhulce
Copy link
Collaborator

fixes #2323

ebidel
ebidel approved these changes May 22, 2017
View reviewed changes
Copy link
Contributor

@ebidel ebidel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybz a test

brendankenny
brendankenny approved these changes May 22, 2017
View reviewed changes
Copy link
Member

@brendankenny brendankenny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Just to confirm, chrome treats than the same way?

@patrickhulce
Copy link
Collaborator Author

Looks good. Just to confirm, chrome treats than the same way?

yup

var debug = {hello: "world"};
var blob = new Blob([JSON.stringify(debug, null, 2)], {type : 'application/json'});
var url = URL.createObjectURL(blob);
fetch(url).then(resp => resp.json()).then(console.log);
> Object {hello: "world"}
fetch('http://same-domain').then(resp => resp.json()).then(console.log);
> Mixed Content: The page at 'https://developer.mozilla.org/en-US/docs/Web/API/Blob' was loaded over HTTPS, but requested an insecure resource 'http://developer.mozilla.org/en-US/docs/Web/API/Blob'. This request has been blocked; the content must be served over HTTPS.

@patrickhulce patrickhulce merged commit 0d0e93f into master May 22, 2017
@patrickhulce patrickhulce deleted the insecure_blob branch May 22, 2017 17:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulirish paulirish paulirish approved these changes

@ebidel ebidel ebidel approved these changes

@brendankenny brendankenny brendankenny approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

blob url shouldn't be flagged as insecure
4 participants
@patrickhulce @paulirish @ebidel @brendankenny