- From: <bugzilla@jessica.w3.org>
- Date: Mon, 25 Aug 2014 04:18:27 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332 --- Comment #73 from Ryan Sleevi <sleevi@google.com> --- (In reply to Henri Sivonen from comment #72) > (In reply to Henri Sivonen from comment #70) > > The largest chunk of traffic is the media data, which is "passive mixed > > content" if embedded from an insecure origin into a page coming from a > > secure origin. > > Oops. That's not the case with MSE+XHR. Indeed, it's pretty big change if as > a side effect of MSE use, the media segments end up having to come from a > secure origin in addition to the application code and the key acquisition > being restricted to secure origins. Considering that the majority of UAs already restrict XHRs as active mixed content (FF, IE, Chrome), I think this is a given, and not a change but the norm. Still, I don't think that media content necessarily means it's not a privacy risk, considering the relationship of media content to the licensing itself - even if it's not directly tied to key acquisition. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Monday, 25 August 2014 04:18:31 UTC