W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > February 2012

[Bug 15562] It's unfortunate that URLs in the manifest must have the same scheme as the manifest itself. This prohibits listing https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js in a manifest that may be served over either http or https and prohibits p

From: <bugzilla@jessica.w3.org>
Date: Mon, 06 Feb 2012 23:35:30 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1RuY5q-0004K8-No@jessica.w3.org>

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
                 CC|                            |ian@hixie.ch
         Resolution|                            |WONTFIX

--- Comment #2 from Ian 'Hixie' Hickson <ian@hixie.ch> 2012-02-06 23:35:30 UTC ---
Manifests in data: URLs makes no sense, since they couldn't be updated, so the
cache would never ever be updated even if the server went away altogether, or
changed ownership, or whatnot.

Not being able to reference a secure URL from an insecure manifest is a
problem, true. It's not really clear to me why you'd bother with encrypting a
library if the rest isn't encrypted though. So I don't think this is compelling
enough to relax the restriction.

The restriction is primarily intended to protect against the opposite case, an
https:// manifest using unencrypted resources.

Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 6 February 2012 23:37:24 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:26 UTC