W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 19 Dec 2014 20:19:51 +0100
Message-ID: <CADnb78jG6PhXAw6DkKQu4Mb2Na4zh_i1xW3q-zP_x9u5xmKnug@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: Tim Berners-Lee <timbl@w3.org>, Mark Nottingham <mnot@mnot.net>, Sam Ruby <rubys@intertwingly.net>, Public TAG List <www-tag@w3.org>
On Fri, Dec 19, 2014 at 8:06 PM, Chris Palmer <palmer@google.com> wrote:
> On Fri, Dec 19, 2014 at 9:50 AM, Tim Berners-Lee <timbl@w3.org> wrote:
>> The world is big, there are many cases out there, like data mashups, where a blanket move to HTTPS just breaks things.
> If the masher and the mashee are both hosted via secure transport,
> there shouldn't be a problem. Right?

Tim routinely runs into the problem that the world's data providers
not always supply CORS and therefore he would need a proxy for
something that could be mostly a client-side application.

This sounds like a similar problem. That if his application is
delivered over HTTPS, he can no longer access HTTP data resources
without a proxy, even if they used CORS, due to Mixed Content.

There's no easy answer for either, other than using a proxy. This is
becoming a somewhat frustrating answer to give given that "native
apps" do not really have this limitation, but they of course have
their own share of problems.

Received on Friday, 19 December 2014 19:20:18 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:33:27 UTC