If a secure site loads a resource from a different domain but that resource load comes with a broken certificate, WebView.onCertificateError will fire with the isSubresource property set to true. If the application then allow's this, WebView.securityStatus.securityLevel does not indicate a degraded to security level.
It *does* work if the subresource is from the same domain as the main document, as that host is marked as having ran insecure content.
If a secure site loads a resource from a different domain but that resource load comes with a broken certificate, WebView. onCertificateEr ror will fire with the isSubresource property set to true. If the application then allow's this, WebView. securityStatus. securityLevel does not indicate a degraded to security level.
It *does* work if the subresource is from the same domain as the main document, as that host is marked as having ran insecure content.