websocket; hixie: Prevent authors from shooting themselves in the foot here. Note that this blocks some legitimate use cases -- let me know if you think we should remove this restriction. It's easy to work around -- provide services over wss:// -- but some service providers might not bother. (whatwg r6385)

websocket; hixie: Prevent authors from shooting themselves in the foot
here. Note that this blocks some legitimate use cases -- let me know if
you think we should remove this restriction. It's easy to work around --
provide services over wss:// -- but some service providers might not
bother. (whatwg r6385)

http://dev.w3.org/cvsweb/html5/websockets/Overview.html?r1=1.234&r2=1.235&f=h
http://html5.org/tools/web-apps-tracker?from=6384&to=6385

===================================================================
RCS file: /sources/public/html5/websockets/Overview.html,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -d -r1.234 -r1.235
--- Overview.html 5 Aug 2011 23:44:09 -0000 1.234
+++ Overview.html 8 Aug 2011 21:02:32 -0000 1.235
@@ -213,7 +213,7 @@
 
    <h1>The WebSocket API</h1>
    
-   <h2 class="no-num no-toc" id="editor-s-draft-5-august-2011">Editor's Draft 5 August 2011</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-8-august-2011">Editor's Draft 8 August 2011</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/websockets/">http://www.w3.org/TR/websockets/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -317,7 +317,7 @@
   </dl><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications
   Working Group</a> is the W3C working group responsible for this
   specification's progress along the W3C Recommendation track.
-  This specification is the 5 August 2011 Editor's Draft.
+  This specification is the 8 August 2011 Editor's Draft.
   <p>This specification is being developed in conjunction with an
   Internet Draft for a wire protocol, the WebSocket Protocol,
   available from the following location:<ul><li>WebSocket Protocol Internet-Draft: <a href="http://www.whatwg.org/specs/web-socket-protocol/">http://www.whatwg.org/specs/web-socket-protocol/</a></li>
@@ -452,6 +452,11 @@
    <var title="">secure</var>. If this fails, throw a
    <code>SYNTAX_ERR</code> exception and abort these steps. <a href="#refsWSP">[WSP]</a></li>
 
+   <li><p>If <var title="">secure</var> is false but the
+   <span>origin</span> of the <span>entry script</span> has a scheme
+   component that is itself a secure protocol, e.g. HTTPS, then throw
+   a <code>SECURITY_ERR</code> exception.</li>
+
    <li>
 
     <p>If <var title="">port</var> is a port to which the user agent

Received on Monday, 8 August 2011 21:02:43 UTC