Comment 0 for bug 1368385

If a secure site loads a resource from a different domain but that resource load comes with a broken certificate, WebView.onCertificateError will fire with the isSubresource property set to true. If the application then allow's this, WebView.securityStatus.securityLevel does not indicate a degraded to security level.

It *does* work if the subresource is from the same domain as the main document, as that host is marked as having ran insecure content.