Re: [ServiceWorker] HTTP authentication and proxy authentication hook (#119)

> Actually, maybe "accepts mixed content" should be a request flag within fetch, then fetch can decide whether to just reject on an insecure response or trigger mixed content warnings.

*Exclusively*, that doesn't work if the flag changes over time (and it will). If the initial fetch() had the flag set (and allowed), then was entered into the Cache, then later the client changed (e.g. say they went HSTS and started blocking optionally-blockable content), then if the Response was served from the Cache, it'd be serving mixed content.

If the flag is there, it's arguably an optimization, not a security boundary. And it's an optimization that may not be needed if there was, say, streaming (since you could defer initializing the stream/sending the request until surfacing the Response to the Client).

Anyways, I suspect this is yet-another-bug, so maybe we should fork it off.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/119#issuecomment-118366728

Received on Friday, 3 July 2015 14:48:11 UTC