From 2e0780308c7ef2258422efd34c968091d7cd5b65 Mon Sep 17 00:00:00 2001 From: Cheng Zhao Date: Tue, 24 Jan 2017 14:42:02 +0900 Subject: [PATCH] allowDisplayingInsecureContent is removed by Chrome --- atom/browser/atom_browser_client.cc | 1 - atom/browser/web_contents_preferences.cc | 3 --- docs-translations/fr-FR/tutorial/security.md | 1 - docs-translations/jp/tutorial/security.md | 1 - docs-translations/ko-KR/api/browser-window.md | 5 +---- docs-translations/ko-KR/api/webview-tag.md | 2 +- docs-translations/ko-KR/tutorial/security.md | 1 - docs-translations/pt-BR/api/browser-window.md | 3 +-- docs-translations/pt-BR/tutorial/security.md | 1 - docs-translations/zh-CN/api/browser-window.md | 4 +--- docs/api/browser-window.md | 6 ++---- docs/api/webview-tag.md | 2 +- docs/tutorial/security.md | 1 - 13 files changed, 7 insertions(+), 24 deletions(-) diff --git a/atom/browser/atom_browser_client.cc b/atom/browser/atom_browser_client.cc index bad2999ed6..d0bbf4ad53 100644 --- a/atom/browser/atom_browser_client.cc +++ b/atom/browser/atom_browser_client.cc @@ -160,7 +160,6 @@ void AtomBrowserClient::OverrideWebkitPrefs( prefs->allow_universal_access_from_file_urls = true; prefs->allow_file_access_from_file_urls = true; prefs->experimental_webgl_enabled = true; - prefs->allow_displaying_insecure_content = false; prefs->allow_running_insecure_content = false; // Custom preferences of guest page. diff --git a/atom/browser/web_contents_preferences.cc b/atom/browser/web_contents_preferences.cc index 05ee1e3ffc..5afa3070f0 100644 --- a/atom/browser/web_contents_preferences.cc +++ b/atom/browser/web_contents_preferences.cc 
@@ -233,11 +233,8 @@ void WebContentsPreferences::OverrideWebkitPrefs( prefs->experimental_webgl_enabled = b; if (self->web_preferences_.GetBoolean("webSecurity", &b)) { prefs->web_security_enabled = b; - prefs->allow_displaying_insecure_content = !b; prefs->allow_running_insecure_content = !b; } - if (self->web_preferences_.GetBoolean("allowDisplayingInsecureContent", &b)) - prefs->allow_displaying_insecure_content = b; if (self->web_preferences_.GetBoolean("allowRunningInsecureContent", &b)) prefs->allow_running_insecure_content = b; const base::DictionaryValue* fonts = nullptr; diff --git a/docs-translations/fr-FR/tutorial/security.md b/docs-translations/fr-FR/tutorial/security.md index 7b22899177..d398a07436 100644 --- a/docs-translations/fr-FR/tutorial/security.md +++ b/docs-translations/fr-FR/tutorial/security.md @@ -46,7 +46,6 @@ Il ne s'agit pas d'une liste exhaustive, mais au moins, pour palier aux problèm , et utiliser des règles strictes (i.e. `script-src 'self'`) * [Surcharger et désactiver `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8) , qui permet à des chaines de caractères d'être exécutées comme du code. -* Ne pas assigner `allowDisplayingInsecureContent` à true. * Ne pas assigner `allowRunningInsecureContent` à true. * Ne pas activer `experimentalFeatures` ou `experimentalCanvasFeatures` à moins d'être sûr ce que vous faites. * Ne pas utiliser `blinkFeatures` à moins d'être sûr ce que vous faites. diff --git a/docs-translations/jp/tutorial/security.md b/docs-translations/jp/tutorial/security.md index 57c47e4de7..70b84cce70 100644 --- a/docs-translations/jp/tutorial/security.md +++ b/docs-translations/jp/tutorial/security.md 
@@ -32,7 +32,6 @@ Electronは新しいバージョンのChromiumを出来るだけ早くサポー * `webSecurity`を無効にしないください。無効にすると、same-origin policyが無効になります。 * [`Content-Security-Policy`](http://www.html5rocks.com/en/tutorials/security/content-security-policy/)を定義して、スクリプトの読み込み元を制限してください。(例: `script-src 'self'`) * [`eval`を無効にしてください。](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6) evalは文字列をコードとして実行してしまいます。 -* `allowDisplayingInsecureContent` を有効にしないでください。 * `allowRunningInsecureContent` を有効にしないでください。 * しっかり理解していない限りは`experimentalFeatures`や`experimentalCanvasFeatures`を有効にしないでください。 * しっかり理解していない限りは`blinkFeatures`を有効にしないでください。 diff --git a/docs-translations/ko-KR/api/browser-window.md b/docs-translations/ko-KR/api/browser-window.md index 106f8aad3b..3c94b87464 100644 --- a/docs-translations/ko-KR/api/browser-window.md +++ b/docs-translations/ko-KR/api/browser-window.md @@ -229,12 +229,9 @@ On Windows it is * `javascript` Boolean - 자바스크립트를 활성화합니다. 기본값은 `false`입니다. * `webSecurity` Boolean - `false`로 지정하면 same-origin 정책을 비활성화 합니다. (이 속성은 보통 사람들에 의해 웹 사이트를 테스트할 때 사용합니다) - 그리고 `allowDisplayingInsecureContent`와 `allowRunningInsecureContent` 두 + 그리고`allowRunningInsecureContent` 두 속성을 사용자가 `true`로 지정되지 않은 경우 `true`로 지정합니다. 기본값은 `true`입니다. - * `allowDisplayingInsecureContent` Boolean - https 페이지에서 http URL에서 - 로드한 이미지 같은 리소스를 표시할 수 있도록 허용합니다. 기본값은 `false` - 입니다. * `allowRunningInsecureContent` Boolean - https 페이지에서 http URL에서 로드한 JavaScript와 CSS 또는 플러그인을 실행시킬 수 있도록 허용합니다. 기본값은 `false`입니다. diff --git a/docs-translations/ko-KR/api/webview-tag.md b/docs-translations/ko-KR/api/webview-tag.md index ed8105ce8f..b40dc0605b 100644 --- a/docs-translations/ko-KR/api/webview-tag.md +++ b/docs-translations/ko-KR/api/webview-tag.md @@ -190,7 +190,7 @@ API를 사용할 수 있습니다. 이를 지정하면 내부에서 로우레벨 ### `webpreferences` ```html - + ``` 웹뷰에 설정될 웹 환경설정을 나타내는 `,` 로 구분된 문자열의 목록입니다. 지원되는 환경설정 문자열의 전체 목록은 
diff --git a/docs-translations/ko-KR/tutorial/security.md b/docs-translations/ko-KR/tutorial/security.md index e13cd1e999..1f80bbac29 100644 --- a/docs-translations/ko-KR/tutorial/security.md +++ b/docs-translations/ko-KR/tutorial/security.md @@ -61,7 +61,6 @@ Electron이 새로운 버전의 Chromium을 가능한 한 빠르게 지원하려 를 정의하고, 한정적인 규칙을 사용하세요 (i.e. `script-src 'self'`) * 문자열을 코드로 실행할 수 있는 [`eval`을 덮어쓰고 비활성화](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8)하세요. -* `allowDisplayingInsecureContent`를 `true`로 설정하지 마세요. * `allowRunningInsecureContent`를 `true`로 설정하지 마세요. * 무엇을 하고 있는지 확실히 알고 있지않는 이상 `experimentalFeatures` 또는 `experimentalCanvasFeatures`를 활성화하지 마세요. diff --git a/docs-translations/pt-BR/api/browser-window.md b/docs-translations/pt-BR/api/browser-window.md index f03411efae..8080cf5f90 100644 --- a/docs-translations/pt-BR/api/browser-window.md +++ b/docs-translations/pt-BR/api/browser-window.md 
@@ -66,9 +66,8 @@ Ela cria uma nova `BrowserWindow` com propriedades nativas definidas pelo `optio * `partition` String - Define a sessão utilizada pela página. Se `partition` começa com `persist:`, a página irá utilizar uma sessão persistente disponível para todas as páginas do aplicativo com a mesma `partition`. Se não houver o prefixo `persist:`, a página irá utilizar uma sessão em memória. Ao utilizar a mesma `partition`, várias páginas podem compartilhar a mesma sessão. Se a `partition` for indefinida, então a sessão padrão do aplicativo será utilizada. * `zoomFactor` Number - O fator de *zoom* da página, `3.0` representa `300%`. O padrão é `1.0`. * `javascript` Boolean - Habilita suporte à JavaScript. O padrão é `true`. - * `webSecurity` Boolean - Quando definido como `false`, irá desabilitar a política de mesma origem (Geralmente usando sites de teste por pessoas), e definir `allowDisplayingInsecureContent` e `allowRunningInsecureContent` como + * `webSecurity` Boolean - Quando definido como `false`, irá desabilitar a política de mesma origem (Geralmente usando sites de teste por pessoas), e definir `allowRunningInsecureContent` como `true` se estas duas opções não tiverem sido definidas pelo usuário. O padrão é `true`. - * `allowDisplayingInsecureContent` Boolean - Permite que uma página https exiba conteúdo como imagens de URLs http. O padrão é `false`. * `allowRunningInsecureContent` Boolean - Permite que uma página https rode JavaScript, CSS ou plugins de URLs http. O padrão é `false`. * `images` Boolean - Habilita suporte a imagens. O padrão é `true`. * `java` Boolean - Habilita suporte a Java. O padrão é `false`. diff --git a/docs-translations/pt-BR/tutorial/security.md b/docs-translations/pt-BR/tutorial/security.md index 8832db5419..c566756c73 100644 --- a/docs-translations/pt-BR/tutorial/security.md +++ b/docs-translations/pt-BR/tutorial/security.md 
@@ -27,7 +27,6 @@ Este não é á prova de balas, mas, ao menos, você deve tentar o seguinte: * Não desative `webSecurity`. Destivá-lo irá desativar a política de mesma origem. * Definir um [`Content-Security-Policy`](http://www.html5rocks.com/en/tutorials/security/content-security-policy/), e usar regras restritivas (i.e. `script-src 'self'`) * [Substituir e desativar `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8), que permite strings para ser executadas como código. -* Não defina `allowDisplayingInsecureContent` para true. * Nao defina `allowRunningInsecureContent` para true. * Não ative `experimentalFeatures` ou `experimentalCanvasFeatures` se você não sabe o que está fazendo. * Não use `blinkFeatures` se você não sabe o que está fazendo. diff --git a/docs-translations/zh-CN/api/browser-window.md b/docs-translations/zh-CN/api/browser-window.md index e36407bc03..9faa908503 100644 --- a/docs-translations/zh-CN/api/browser-window.md +++ b/docs-translations/zh-CN/api/browser-window.md @@ -100,9 +100,7 @@ win.show() `300%`. 默认 `1.0`. * `javascript` Boolean - 开启javascript支持. 默认为`true`. * `webSecurity` Boolean - 当设置为 `false`, 它将禁用同源策略 (通常用来测试网站), 并且如果有2个非用户设置的参数,就设置 - `allowDisplayingInsecureContent` 和 `allowRunningInsecureContent` 的值为 - `true`. 默认为 `true`. -* `allowDisplayingInsecureContent` Boolean -允许一个使用 https的界面来展示由 http URLs 传过来的资源. 默认`false`. + `allowRunningInsecureContent` 的值为`true`. 默认为 `true`. * `allowRunningInsecureContent` Boolean - Boolean -允许一个使用 https的界面来渲染由 http URLs 提交的html,css,javascript. 默认为 `false`. * `images` Boolean - 开启图片使用支持. 默认 `true`. * `textAreasAreResizable` Boolean - textArea 可以编辑. 默认为 `true`. diff --git a/docs/api/browser-window.md b/docs/api/browser-window.md index 1dbb92508a..370902be99 100644 --- a/docs/api/browser-window.md +++ b/docs/api/browser-window.md 
@@ -238,10 +238,8 @@ It creates a new `BrowserWindow` with native properties as set by the `options`. * `javascript` Boolean (optional) - Enables JavaScript support. Default is `true`. * `webSecurity` Boolean (optional) - When `false`, it will disable the same-origin policy (usually using testing websites by people), and set - `allowDisplayingInsecureContent` and `allowRunningInsecureContent` to - `true` if these two options are not set by user. Default is `true`. - * `allowDisplayingInsecureContent` Boolean (optional) - Allow an https page to display - content like images from http URLs. Default is `false`. + `allowRunningInsecureContent` to `true` if this options has not been set + by user. Default is `true`. * `allowRunningInsecureContent` Boolean (optional) - Allow an https page to run JavaScript, CSS or plugins from http URLs. Default is `false`. * `images` Boolean (optional) - Enables image support. Default is `true`. diff --git a/docs/api/webview-tag.md b/docs/api/webview-tag.md index 4d62739484..b0e1721ad2 100644 --- a/docs/api/webview-tag.md +++ b/docs/api/webview-tag.md @@ -203,7 +203,7 @@ windows. Popups are disabled by default. ### `webpreferences` ```html - + ``` A list of strings which specifies the web preferences to be set on the webview, separated by `,`. diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md index 6962f79256..1af370c3f3 100644 --- a/docs/tutorial/security.md +++ b/docs/tutorial/security.md @@ -64,7 +64,6 @@ This is not bulletproof, but at the least, you should attempt the following: , and use restrictive rules (i.e. `script-src 'self'`) * [Override and disable `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8) , which allows strings to be executed as code. -* Do not set `allowDisplayingInsecureContent` to true. * Do not set `allowRunningInsecureContent` to true. * Do not enable `experimentalFeatures` or `experimentalCanvasFeatures` unless you know what you're doing.
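Review bot: in atom/browser/web_contents_preferences.cc, an app that still passes `allowDisplayingInsecureContent` in its web preferences gets no signal that the key is now ignored, because the `GetBoolean("allowDisplayingInsecureContent", &b)` branch is dropped without a replacement. Consider emitting a one-time deprecation warning when the key is present, or at least calling out the removal in the release notes, so callers who set it explicitly notice that it no longer has any effect.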
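Review bot: in docs-translations/ko-KR/api/browser-window.md, the rewritten `webSecurity` line still reads "두 속성을" (two properties) although only `allowRunningInsecureContent` is left, and the space between "그리고" and the backtick was lost. Suggest "그리고 `allowRunningInsecureContent` 속성을" so the sentence matches the single remaining option.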
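Review bot: in docs-translations/pt-BR/api/browser-window.md, the unchanged continuation line under `webSecurity` still says "se estas duas opções não tiverem sido definidas pelo usuário" while the added line now names only `allowRunningInsecureContent`. The continuation should be changed to the singular ("se esta opção não tiver sido definida pelo usuário") in the same hunk.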
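Review bot: in docs-translations/zh-CN/api/browser-window.md, the context line above the change still says "如果有2个非用户设置的参数" (two parameters not set by the user), but the added line sets only `allowRunningInsecureContent`. Update the count in that sentence so the description of `webSecurity` matches the one option that remains.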
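Review bot: in docs/api/browser-window.md, the new `webSecurity` text has a grammar slip: "if this options has not been set by user" should read "if this option has not been set by the user". Since this is the source that the translations follow, it is worth fixing before it is copied further.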