Re: [MIX] Consider all CORS requests "active"

On Tue, Jul 22, 2014 at 2:54 AM, Mike West <mkwst@google.com> wrote:
> I've pushed
> https://github.com/w3c/webappsec/commit/63b19a728191e74059c190d2769f7cf44e3a0fec
> in an attempt to resolve the two items this thread raised. It drops the
> 'active'/'passive' distinction as we've previously discussed, and blocks
> CORS-enabled mixed requests.
>
> Does the current draft (https://w3c.github.io/webappsec/specs/mixedcontent/)
> accurately capture the intent of those two proposals?

I also think that the changes are good and that the document is moving
in the right direction.

Cheers,
Brian

Received on Tuesday, 22 July 2014 19:42:29 UTC