W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2014

Re: [MIX] Consider all CORS requests "active"

From: Brian Smith <brian@briansmith.org>
Date: Tue, 22 Jul 2014 12:42:02 -0700
Message-ID: <CAFewVt53TUaKXGhHrzyU6SHJ42GRVWUVSqgnQdRM_SjFn+raQw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Jake Archibald <jaffathecake@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Jul 22, 2014 at 2:54 AM, Mike West <mkwst@google.com> wrote:
> I've pushed
> https://github.com/w3c/webappsec/commit/63b19a728191e74059c190d2769f7cf44e3a0fec
> in an attempt to resolve the two items this thread raised. It drops the
> 'active'/'passive' distinction as we've previously discussed, and blocks
> CORS-enabled mixed requests.
>
> Does the current draft (https://w3c.github.io/webappsec/specs/mixedcontent/)
> accurately capture the intent of those two proposals?

I also think that the changes are good and that the document is moving
in the right direction.

Cheers,
Brian
Received on Tuesday, 22 July 2014 19:42:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC