- From: Mike West <notifications@github.com>
- Date: Fri, 24 Apr 2015 01:57:58 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Friday, 24 April 2015 08:58:26 UTC
> +face when transitioning from plaintext HTTP to secure connections. > + > +### ISSUE: Goal 1 Unclear > + > +Section 1.1, Goal 1: > + > +> Authors should be able to ensure that all content requested by a given page > +> loads successfully, and securely. Mixed content blocking should not break > +> pages as a result of migrating to a secure origin. > + > +This seems somewhat too ambitious for the spec. If third-party content on > +a page does not support HTTPS or stops supporting HTTPS, the page author cannot > +ensure that the content is loaded securely or at all. Inevitably, moving to > +a secure origin causes problems with mixed content blocking if the page has > +third party content that doesn't yet support HTTPS, a problem which the spec > +does not address. It's meant to be read in context of the preceding paragraph of conditions: "If we assume that ... authors also ensure that content is accessible at the same host and path on a secure scheme, then ...". --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/pull/54/files#r29033818
Received on Friday, 24 April 2015 08:58:26 UTC