On 22 July 2014 08:00, Brian Smith <brian@briansmith.org> wrote: > >n Fri, Jul 11, 2014 at 3:21 AM, Jake Archibald <jaffathecake@gmail.com> > wrote: > > Mixed content will be opaque (like all responses to no-cors requests), > it's > > down to the eventual consumer (<img>, <script>, @font-face etc) whether > to > > block or allow. > > Why? I think it is not worth supporting the edge case of a site that > has passive mixed content AND is progressive enough to be using > ServiceWorker AND is unwilling/unable to get rid of the passive mixed > content fixed. If nothing else, the security analysis of > ServiceWorkers is a lot clearer if mixed content doesn't have to be > considered. ServiceWorker already has to deal with opaque responses for cross-origin no-cors responses. MIX already has to deal with blocking cors requests to http for <img crossorigin>, <link crossorigin> & XHR. Special-casing pages with a serviceworker is adding complication. An empty serviceworker should not alter page behaviour.Received on Tuesday, 22 July 2014 09:28:54 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC