- From: Tomoyuki Shimizu <notifications@github.com>
- Date: Tue, 10 Oct 2017 18:46:45 -0700
- To: httpslocal/usecases <usecases@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 11 October 2017 01:47:13 UTC
@Vermat99 What UC-3 indicates is that the web app provided through HTTPS, i.e. in a [secure context](https://w3c.github.io/webappsec-secure-contexts/), is not allowed to access resources through HTTP because [mixed content](https://w3c.github.io/webappsec-mixed-content/) is restricted in the current web security policy. Even if the web app is hosted by localhost, it is practically regarded as a secure context and eventually its access to other devices in the same local network through HTTP is blocked due to the mixed content restriction. Such a restriction is also applied to fetch operations by service workers, of course. Although we could avoid such a restriction by issuing a TLS certificate to each device, the certificate cannot be issued because domain validation (DV) of the device is practically impossible. That is our motivation. If you have an interest, we appreciate your participation. Thanks a lot for your comment! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/httpslocal/usecases/issues/9#issuecomment-335657187
Received on Wednesday, 11 October 2017 01:47:13 UTC