[Bug 26332] Applications should only use EME APIs on secure origins (e.g. HTTPS) from bugzilla@jessica.w3.org on 2014-08-23 (public-html-bugzilla@w3.org from August 2014)

From: <bugzilla@jessica.w3.org>
Date: Sat, 23 Aug 2014 13:24:20 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-26332-2486-r4hl3wvxC9@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #72 from Henri Sivonen <hsivonen@hsivonen.fi> ---
(In reply to Henri Sivonen from comment #70)
> The largest chunk of traffic is the media data, which is "passive mixed
> content" if embedded from an insecure origin into a page coming from a
> secure origin.

Oops. That's not the case with MSE+XHR. Indeed, it's pretty big change if as a
side effect of MSE use, the media segments end up having to come from a secure
origin in addition to the application code and the key acquisition being
restricted to secure origins.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Saturday, 23 August 2014 13:24:22 UTC