From 77a8a3d33c952acf169417e820b114103a332066 Mon Sep 17 00:00:00 2001
From: Haojian Wu <hokein.wu@gmail.com>
Date: Wed, 29 Jul 2015 16:09:32 +0800
Subject: [PATCH 1/3] Add `allow-running-insecure-content`,
 `allow-display-insecure-content` in BrowserWindow option.

---
 atom/browser/native_window.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/atom/browser/native_window.cc b/atom/browser/native_window.cc
index c03ab1ac24a4..ca5df45d1782 100644
--- a/atom/browser/native_window.cc
+++ b/atom/browser/native_window.cc
@@ -434,6 +434,10 @@ void NativeWindow::OverrideWebkitPrefs(content::WebPreferences* prefs) {
     prefs->experimental_webgl_enabled = b;
   if (web_preferences_.Get("webaudio", &b))
     prefs->webaudio_enabled = b;
+  if (web_preferences_.Get("allow-displaying-insecure-content", &b))
+    prefs->allow_displaying_insecure_content = b;
+  if (web_preferences_.Get("allow-running-insecure-content", &b))
+    prefs->allow_running_insecure_content = b;
   if (web_preferences_.Get("web-security", &b)) {
     prefs->web_security_enabled = b;
     prefs->allow_displaying_insecure_content = !b;

From 1d0568dd5b73b06326831d6866f94240521ace5c Mon Sep 17 00:00:00 2001
From: Haojian Wu <hokein.wu@gmail.com>
Date: Wed, 29 Jul 2015 16:15:16 +0800
Subject: [PATCH 2/3] :memo: `allow-running-insecure-content` and
 `allow-displaying-insecure-content`.

---
 docs/api/browser-window.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/api/browser-window.md b/docs/api/browser-window.md
index cee68183f783..b6f254460763 100644
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@@ -76,7 +76,15 @@ You can also create a window without chrome by using
     textured window. Defaults to `true`.
   * `web-preferences` Object - Settings of web page's features
     * `javascript` Boolean
-    * `web-security` Boolean
+    * `web-security` Boolean - When setting `false`, it will disable the same-origin
+      policy(Ususally using testing websites by people) and set `allow_displaying_insecure_content`
+      and `allow_running_insecure_content` to `true`.
+    * `allow-displaying-insecure-content` Boolean - Allow a https page to display
+      content like image from http URLs. This option will be overrided to `true`
+      when `web-security` option is set.
+    * `allow-running-insecure-content` Boolean - Allow a https page to run JavaScript,
+      CSS or plugins from http URLs. This option will be overrided to `true` when
+      `web-security` option is set.
     * `images` Boolean
     * `java` Boolean
     * `text-areas-are-resizable` Boolean

From f154da38e6f9f2299b95981e831fe08533bc69e6 Mon Sep 17 00:00:00 2001
From: Haojian Wu <hokein.wu@gmail.com>
Date: Wed, 29 Jul 2015 18:07:06 +0800
Subject: [PATCH 3/3] Make 'allow-displaying-insecure-content' and
 'allow-running-insecure-content' higher priority than `web-security`.

---
 atom/browser/native_window.cc |  8 ++++----
 docs/api/browser-window.md    | 11 +++++------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/atom/browser/native_window.cc b/atom/browser/native_window.cc
index ca5df45d1782..ac3efc604e07 100644
--- a/atom/browser/native_window.cc
+++ b/atom/browser/native_window.cc
@@ -434,15 +434,15 @@ void NativeWindow::OverrideWebkitPrefs(content::WebPreferences* prefs) {
     prefs->experimental_webgl_enabled = b;
   if (web_preferences_.Get("webaudio", &b))
     prefs->webaudio_enabled = b;
-  if (web_preferences_.Get("allow-displaying-insecure-content", &b))
-    prefs->allow_displaying_insecure_content = b;
-  if (web_preferences_.Get("allow-running-insecure-content", &b))
-    prefs->allow_running_insecure_content = b;
   if (web_preferences_.Get("web-security", &b)) {
     prefs->web_security_enabled = b;
     prefs->allow_displaying_insecure_content = !b;
     prefs->allow_running_insecure_content = !b;
   }
+  if (web_preferences_.Get("allow-displaying-insecure-content", &b))
+    prefs->allow_displaying_insecure_content = b;
+  if (web_preferences_.Get("allow-running-insecure-content", &b))
+    prefs->allow_running_insecure_content = b;
   if (web_preferences_.Get("extra-plugin-dirs", &list)) {
     if (content::PluginService::GetInstance()->NPAPIPluginsSupported()) {
       for (size_t i = 0; i < list.size(); ++i)
diff --git a/docs/api/browser-window.md b/docs/api/browser-window.md
index b6f254460763..f8830632caa6 100644
--- a/docs/api/browser-window.md
+++ b/docs/api/browser-window.md
@@ -77,14 +77,13 @@ You can also create a window without chrome by using
   * `web-preferences` Object - Settings of web page's features
     * `javascript` Boolean
     * `web-security` Boolean - When setting `false`, it will disable the same-origin
-      policy(Ususally using testing websites by people) and set `allow_displaying_insecure_content`
-      and `allow_running_insecure_content` to `true`.
+      policy(Usually using testing websites by people), and set `allow_displaying_insecure_content`
+      and `allow_running_insecure_content` to `true` if these two options are not
+      set by user.
     * `allow-displaying-insecure-content` Boolean - Allow a https page to display
-      content like image from http URLs. This option will be overrided to `true`
-      when `web-security` option is set.
+      content like image from http URLs.
     * `allow-running-insecure-content` Boolean - Allow a https page to run JavaScript,
-      CSS or plugins from http URLs. This option will be overrided to `true` when
-      `web-security` option is set.
+      CSS or plugins from http URLs.
     * `images` Boolean
     * `java` Boolean
     * `text-areas-are-resizable` Boolean