Application Cache and HTTPS Certificates

This is a demonstration of a bug I found in WebKit, involving the use of Application Cache and HTTPS certificates. It seems that when a web page specifies an Application Cache (using the manifest attribute on its html tag), web browsers do not consistently display the webpage's HTTPS certificate.

How To Use This Demo

  1. Navigate to this page in a web browser.
  2. Verify that the lock icon appears, and that you can actually view the web page's HTTPS certificate.
  3. Close the web browser.
  4. Open the web browser again.
  5. Navigate to this page again.

Expected Result

The HTTPS lock icon appears again, and you can still view the HTTPS certificate.

Actual Result

In Epiphany (on Linux), the HTTPS lock icon displays a warning claiming the site is insecure, and you cannot see the HTTPS certificate.

In Safari (on MacOS), the HTTPS lock icon displays as normal, but clicking the icon does not display the HTTPS certificate.

In Google Chrome (on Linux and MacOS, but not on Windows), the HTTPS lock icon converts to the 'info' icon, claims the site is not secure, but it does not explain why, and you cannot see the certificate anymore. I know that Google Chrome technically does not use WebKit anymore, but I thought it was a useful comparison.