[Bug 15562] It's unfortunate that URLs in the manifest must have the same scheme as the manifest itself. This prohibits listing https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js in a manifest that may be served over either http or https and prohibits p

https://www.w3.org/Bugs/Public/show_bug.cgi?id=15562

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |ian@hixie.ch
         Resolution|                            |WONTFIX

--- Comment #2 from Ian 'Hixie' Hickson <ian@hixie.ch> 2012-02-06 23:35:30 UTC ---
Manifests in data: URLs makes no sense, since they couldn't be updated, so the
cache would never ever be updated even if the server went away altogether, or
changed ownership, or whatnot.

Not being able to reference a secure URL from an insecure manifest is a
problem, true. It's not really clear to me why you'd bother with encrypting a
library if the rest isn't encrypted though. So I don't think this is compelling
enough to relax the restriction.

The restriction is primarily intended to protect against the opposite case, an
https:// manifest using unencrypted resources.


Received on Monday, 6 February 2012 23:37:24 UTC
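
The same-scheme restriction discussed in the comment above, as an added example that is not part of the bug thread or of any browser's code: a simplified manifest audit that reports entries whose scheme differs from the manifest's own and labels the https-manifest-with-http-resource case separately. The function name `auditManifest`, the hosts `app.example`, `cdn.example` and `api.example`, and the sample manifest are constructed for illustration; only section headers and comments are modelled, not the full manifest parsing algorithm.

```javascript
// Constructed sample manifest (the jQuery URL is the one quoted in the bug title).
const SAMPLE_MANIFEST = [
  "CACHE MANIFEST",
  "# constructed sample",
  "/app.js",
  "https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js",
  "http://cdn.example/style.css",
  "NETWORK:",
  "*",
  "http://api.example/",
].join("\n");

// Returns one finding per manifest entry whose scheme differs from the
// scheme of the manifest URL itself.
function auditManifest(manifestUrl, manifestText) {
  const base = new URL(manifestUrl);
  const findings = [];
  let section = "CACHE"; // entries before any header are explicit cache entries
  manifestText.split(/\r\n|\r|\n/).forEach((raw, i) => {
    const line = raw.trim();
    // Skip the "CACHE MANIFEST" signature line, blank lines and comments.
    if (i === 0 || line === "" || line.startsWith("#")) return;
    const header = /^(CACHE|NETWORK|FALLBACK):$/.exec(line);
    if (header) { section = header[1]; return; }
    const tokens = line.split(/[ \t]+/);
    // FALLBACK lines carry two URLs (namespace, fallback); other sections one.
    const urls = section === "FALLBACK" ? tokens.slice(0, 2) : tokens.slice(0, 1);
    for (const u of urls) {
      if (section === "NETWORK" && u === "*") continue; // wildcard has no scheme
      let abs;
      try {
        abs = new URL(u, base); // resolve relative entries against the manifest URL
      } catch {
        findings.push({ line: i + 1, section, url: u, kind: "unparseable" });
        continue;
      }
      if (abs.protocol === base.protocol) continue;
      // An https manifest pulling an http resource is the case the
      // restriction is primarily meant to prevent.
      const downgrade = base.protocol === "https:" && abs.protocol === "http:";
      findings.push({ line: i + 1, section, url: abs.href,
                      kind: downgrade ? "downgrade" : "scheme-mismatch" });
    }
  });
  return findings;
}

console.log(auditManifest("https://app.example/site.appcache", SAMPLE_MANIFEST));
```

Served over http, the sample yields one `scheme-mismatch` finding for the https jQuery entry; served over https, the two http entries are reported as `downgrade`.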