Re: "Mixed Content" draft up for review.

On Mon, Jun 2, 2014 at 10:35 AM, Daniel Veditz <dveditz@mozilla.com> wrote:

> I think HSTS is indication that all resources, even if URL says HTTP,
>> should be accessed over HTTPS.
>>
>
> For that domain. It doesn't mean the author would never want to include
> other-domain non-SSL content. What are you going to do about the common
> case of viewing embedded images in secure GMail?


Does GMail still have mixed content due to that? See
http://gmailblog.blogspot.com/2013/12/images-now-showing.html. I think your
point still stands, but if we're going to use GMail as an example of how
websites deal with mixed content, they might be a positive example now
instead of a negative example.

Cheers,
Brian

Received on Tuesday, 3 June 2014 16:01:14 UTC