- From: Mike West <notifications@github.com>
- Date: Wed, 06 May 2015 11:17:44 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Wednesday, 6 May 2015 18:18:16 UTC
> +face when transitioning from plaintext HTTP to secure connections. > + > +### ISSUE: Goal 1 Unclear > + > +Section 1.1, Goal 1: > + > +> Authors should be able to ensure that all content requested by a given page > +> loads successfully, and securely. Mixed content blocking should not break > +> pages as a result of migrating to a secure origin. > + > +This seems somewhat too ambitious for the spec. If third-party content on > +a page does not support HTTPS or stops supporting HTTPS, the page author cannot > +ensure that the content is loaded securely or at all. Inevitably, moving to > +a secure origin causes problems with mixed content blocking if the page has > +third party content that doesn't yet support HTTPS, a problem which the spec > +does not address. https://github.com/w3c/webappsec/commit/0c0a5f5c0c78016104a1d0ce81a647923387eb9e --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/pull/54/files#r29786123
Received on Wednesday, 6 May 2015 18:18:16 UTC