- From: Yan Zhu <notifications@github.com>
- Date: Fri, 24 Apr 2015 10:25:56 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Friday, 24 April 2015 17:26:59 UTC
> +face when transitioning from plaintext HTTP to secure connections. > + > +### ISSUE: Goal 1 Unclear > + > +Section 1.1, Goal 1: > + > +> Authors should be able to ensure that all content requested by a given page > +> loads successfully, and securely. Mixed content blocking should not break > +> pages as a result of migrating to a secure origin. > + > +This seems somewhat too ambitious for the spec. If third-party content on > +a page does not support HTTPS or stops supporting HTTPS, the page author cannot > +ensure that the content is loaded securely or at all. Inevitably, moving to > +a secure origin causes problems with mixed content blocking if the page has > +third party content that doesn't yet support HTTPS, a problem which the spec > +does not address. Maybe "authors also ensure that content (both first-party and third-party) is accessible at the same host and path ..." would be clearer? --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/pull/54/files#r29067762
Received on Friday, 24 April 2015 17:26:59 UTC