[Bug 26332] Applications should only use EME APIs on secure origins (e.g. HTTPS)

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26332

--- Comment #11 from David Dorwin <ddorwin@google.com> ---
(In reply to Mark Watson from comment #8)
> > 
> > These would be mixed content scenarios, which should be addressed by
> > https://w3c.github.io/webappsec/specs/mixedcontent/.
> > 
> 
> Ironically, that URL results in an SSL Connection Error, which kind-of
> illustrates one of the problems.

What browser are you using? It works fine for me in Chrome and Firefox. I don't
think the fact that SSL might not be configured correctly means we should avoid
using it. SSL needs to be configured and used correctly for many other reasons.

(In reply to Mark Watson from comment #10)
> I suggest we revert those changes until we have consensus.

What specifically do you want to revert? There is no normative requirement for
secure origins in the text. The current text provides information about the
issues to implementors and authors to help them make informed decisions.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 24 July 2014 19:37:35 UTC