W3C home > Mailing lists > Public > public-web-security@w3.org > July 2011

Re: Using CSP

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 26 Jul 2011 12:41:41 -0400
Message-ID: <4E2EEE45.5050605@mit.edu>
To: public-web-security@w3.org
On 7/26/11 6:27 AM, Nick Gearls wrote:
> However, if you have a HTTPS frame inside your HTTP page

Why would you do that?  And, importantly, why should the user trust 
anything about the result?

This seems like an antipattern that we don't really want to promote...

-Boris
Received on Tuesday, 26 July 2011 16:42:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 26 July 2011 16:42:22 GMT