
For vague historical reasons, when running insecure content on a website, Chrome would remember that for the hostname for the lifetime of the renderer process, i.e. downgrade the security UI for that hostname for the lifetime of the process. Tying this memory to the renderer process doesn't really make sense because the insecure content could taint the whole origin outside the lifetime of the renderer process.

This CL changes this behavior to record these events simply by hostname, not by hostname/process ID pair.

This new behavior is still a bit weird from a security UI perspective, because the exception will be cleared when the browser restarts; i.e., the whole origin won't be tainted permanently, but rather for the lifetime of the browser. That's okay because users have to click through some pretty buried UI to get into this state. We can assume that users who get into this state are aware of the implications, therefore it's not necessary to have perfect fidelity browser UI to remind them of the security state they're in.

Bug: 402278327
Change-Id: I49c89b8a673af4d5274c8547c6b8604072ec85e1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6352900
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Richard (Torne) Coles <torne@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1432862}
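
The keying change described in the commit message above, as a simplified C++ model added here for illustration; it is not code from the CL or from Chromium. The class and function names, the host `example.test` and the process IDs are hypothetical, and a browser restart is assumed to mean an empty in-memory record.

```cpp
// Simplified model of the two bookkeeping schemes; all names are hypothetical.
#include <iostream>
#include <set>
#include <string>
#include <utility>

// Before: an insecure-content event is remembered per (hostname, process ID).
class PerProcessRecord {
 public:
  void RanInsecureContent(const std::string& host, int pid) { seen_.emplace(host, pid); }
  bool DidRunInsecureContent(const std::string& host, int pid) const {
    return seen_.count(std::make_pair(host, pid)) > 0;
  }
 private:
  std::set<std::pair<std::string, int>> seen_;
};

// After: the event is remembered per hostname, in memory only.
class PerHostRecord {
 public:
  void RanInsecureContent(const std::string& host) { seen_.insert(host); }
  bool DidRunInsecureContent(const std::string& host) const { return seen_.count(host) > 0; }
 private:
  std::set<std::string> seen_;
};

// Constructed scenario: the host runs insecure content in renderer 7 and is
// later served from a fresh renderer 8. Is the security UI still downgraded?
bool OldSchemeDowngradedInNewRenderer() {
  PerProcessRecord record;
  record.RanInsecureContent("example.test", 7);
  return record.DidRunInsecureContent("example.test", 8);  // (host, 8) was never stored
}
bool NewSchemeDowngradedInNewRenderer() {
  PerHostRecord record;
  record.RanInsecureContent("example.test");
  return record.DidRunInsecureContent("example.test");  // process ID is not part of the key
}
// A browser restart is modeled as a freshly constructed, empty record.
bool NewSchemeDowngradedAfterRestart() {
  { PerHostRecord before_restart; before_restart.RanInsecureContent("example.test"); }
  PerHostRecord after_restart;
  return after_restart.DidRunInsecureContent("example.test");
}

int main() {
  std::cout << std::boolalpha
            << "old scheme, new renderer: " << OldSchemeDowngradedInNewRenderer() << "\n"
            << "new scheme, new renderer: " << NewSchemeDowngradedInNewRenderer() << "\n"
            << "new scheme, after restart: " << NewSchemeDowngradedAfterRestart() << "\n";
}
```
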
Chromium
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.