mixed-content
17. If response is not a network error and any of the following returns blocked
should internalResponse to request be blocked as mixed content
should internalResponse to request be blocked by Content Security Policy
should internalResponse to request be blocked due to its MIME type
should internalResponse to request be blocked due to nosniff
then set response and internalResponse to a network error.
1. Return allowed if one or more of the following conditions are met:
§ 4.3 Does settings prohibit mixed security contexts? returns Does Not Restrict Mixed Content when applied to request’s client.
response’s url is a potentially trustworthy URL.
The user agent has been instructed to allow mixed content, as described in § 7.2 User Controls).
request’s destination is "document", and request’s target browsing context has no parent browsing context.
Note: We exclude top-level navigations from mixed content checks, but user agents MAY choose to enforce mixed content checks on insecure form submissions (see § 7.1 Form Submission).
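Roughly speaking, the response is allowed when:
the URL is potentially trustworthy
data:, https:, wss:, file:, about:blank, about:srcdoc, localhost, plus anything configured by the browser vendor or specially configured for development, is trusted
the browser settings allow mixed content
it is a top-level navigation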
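As an added example (not taken from either specification or from any browser's code), the allow/block decision quoted above can be modelled in JavaScript. The object fields (`prohibitsMixedSecurityContexts`, `userAllowsMixedContent`, `configuredOrigins`, `hasParentBrowsingContext`) and the sample URLs are assumptions, and the trustworthiness check is a simplification that also treats loopback addresses as trustworthy.

```javascript
// Added example: simplified model of the response-side mixed content check.
// All field names on settings/request/response are hypothetical.

// Approximation of "potentially trustworthy URL": the schemes and hosts from
// the notes above, loopback addresses, and origins configured by vendor/dev.
function isPotentiallyTrustworthyUrl(urlString, configuredOrigins = []) {
  if (urlString === 'about:blank' || urlString === 'about:srcdoc') return true;
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false; // an unparsable URL is never trusted
  }
  if (['data:', 'https:', 'wss:', 'file:'].includes(url.protocol)) return true;
  const host = url.hostname;
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (/^127(\.\d{1,3}){3}$/.test(host) || host === '[::1]') return true;
  return configuredOrigins.includes(url.origin);
}

// Returns "allowed" if any one of the four quoted conditions holds,
// otherwise "blocked" (the caller then turns the response into a network error).
function shouldResponseBeBlockedAsMixedContent(settings, request, response) {
  const allowed =
    !settings.prohibitsMixedSecurityContexts ||
    isPotentiallyTrustworthyUrl(response.url, settings.configuredOrigins) ||
    settings.userAllowsMixedContent ||
    (request.destination === 'document' && !request.hasParentBrowsingContext);
  return allowed ? 'allowed' : 'blocked';
}

// Constructed sample: an image requested by an HTTPS page whose final
// response URL is plain HTTP.
const httpsPage = {
  prohibitsMixedSecurityContexts: true,
  userAllowsMixedContent: false,
  configuredOrigins: [],
};
const imageRequest = { destination: 'image', hasParentBrowsingContext: false };
const insecureResponse = { url: 'http://cdn.example.test/a.png' };
console.log(shouldResponseBeBlockedAsMixedContent(httpsPage, imageRequest, insecureResponse));
```

The check runs against the response's URL, not the request's, so a request that started at an `https:` URL is still blocked if the response comes from an `http:` one.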
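With the Web Fetch API, too, this behaviour can be changed through the redirect parameter: when it is set to manual and a redirect occurs, an opaque-redirect filtered response is returned. On a redirect, a network error cannot be detected, and the Response that comes back is almost meaningless.
All you can tell is that a redirect happened.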