W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 19 Dec 2014 20:19:51 +0100
Message-ID: <CADnb78jG6PhXAw6DkKQu4Mb2Na4zh_i1xW3q-zP_x9u5xmKnug@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Cc: Tim Berners-Lee <timbl@w3.org>, Mark Nottingham <mnot@mnot.net>, Sam Ruby <rubys@intertwingly.net>, Public TAG List <www-tag@w3.org>
On Fri, Dec 19, 2014 at 8:06 PM, Chris Palmer <palmer@google.com> wrote:
> On Fri, Dec 19, 2014 at 9:50 AM, Tim Berners-Lee <timbl@w3.org> wrote:
>> The world is big, there are many cases out there, like data mashups, where a blanket move to HTTPS just breaks things.
>
> If the masher and the mashee are both hosted via secure transport,
> there shouldn't be a problem. Right?

Tim routinely runs into the problem that the world's data providers
not always supply CORS and therefore he would need a proxy for
something that could be mostly a client-side application.

This sounds like a similar problem. That if his application is
delivered over HTTPS, he can no longer access HTTP data resources
without a proxy, even if they used CORS, due to Mixed Content.

There's no easy answer for either, other than using a proxy. This is
becoming a somewhat frustrating answer to give given that "native
apps" do not really have this limitation, but they of course have
their own share of problems.


-- 
https://annevankesteren.nl/
Received on Friday, 19 December 2014 19:20:18 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:33:27 UTC