Re: Strict mixed content checking (was Re: MIX: Exiting last call?)

On Mon, Dec 15, 2014 at 10:39 PM, Mike West <> wrote:
> Hrm. I don't think we can do this by default; if we could, we wouldn't be
> making a distinction between blockable and optionally-blockable at all, but
> it seems like there's general agreement that we're not there yet.
> How do you see strict-mode-by-default playing out?

I mean, do not block optionally-blockable content within the main
document, but block it by default in all frames. That + "default-src
https wss" would be equivalent to your suggested
strict-mixed-content-checking directive.


Received on Tuesday, 16 December 2014 20:35:27 UTC