- From: Mike West <notifications@github.com>
- Date: Thu, 05 Nov 2015 02:23:12 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Thursday, 5 November 2015 10:23:39 UTC
@bifurcation: Are you working with @rlbmoz on this? This is super-similar to the priming that he proposed (and that I've started writing up at http://mikewest.github.io/hsts-priming/ so I can shop it around to folks who have expressed concerns in the past). :)

@annevk: No, blocking mixed content doesn't have special side-effects. I do need to split CSP into a "report-only" and "enforce" step, however, as we want the former to trigger before upgrading, and the latter after.

Relatedly, I agree that we would want to do this for all non-navigational requests coming from a client that restricts mixed content. I don't think we'd want to do it just for blockable content types, as that would still lead to loading insecure content in some cases where we could otherwise avoid it.

---
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/150#issuecomment-154019324