Re: "Mixed Content" draft up for review.

On Mon, Jun 2, 2014 at 10:35 AM, Daniel Veditz <> wrote:

> I think HSTS is indication that all resources, even if URL says HTTP,
>> should be accessed over HTTPS.
> For that domain. It doesn't mean the author would never want to include
> other-domain non-SSL content. What are you going to do about the common
> case of viewing embedded images in secure GMail?

Does GMail still have mixed content due to that? See I think your
point still stands, but if we're going to use GMail as an example of how
websites deal with mixed content, they might be a positive example now
instead of a negative example.


Received on Tuesday, 3 June 2014 16:01:14 UTC