- From: <bugzilla@jessica.w3.org>
- Date: Thu, 21 Aug 2014 19:26:50 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332 --- Comment #51 from Mark Watson <watsonm@netflix.com> --- (In reply to Joe Steele from comment #49) > (In reply to Ryan Sleevi from comment #47) > > (In reply to Joe Steele from comment #46) > > As far as I can tell, the main reason against restricting EME to secure > > origins only would be that it would make it harder for sites that don't > > already use secure origins to migrate from NPAPI-based DRM to EME-based DRM. > > How serious is this issue? > > I don't believe that is the issue at all. IMO, the issue is that for > performance reasons the media streams are not delivered via secure origins. > If the app must be delivered from a secure origin, delivering the streams > from an insecure origin will result in mixed-content messaging. This is > generally a bad user experience. > I believe mixed-content is often blocked completely - or it is isn't now it soon will me. I expect the response to this proposal would be very different indeed if there was a solution where only the site was delivered over HTTPS but HTTP could still be used for the content, but I don't see any prospect of such a solution. As I understand it, requiring a secure origin for EME means both site and content must switch to HTTPS. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Thursday, 21 August 2014 19:26:53 UTC