Re: [SRI] Escaping mixed-content blocking for video distribution

On Thu, Nov 13, 2014 at 10:50 AM, Mike West wrote:
> But if offering such a thing leads to Netflix and other media providers
> migrating everything but video distribution over to HTTPS, and allows us to
> lock down APIs with dangerous characteristics (like EME and WebCrypto) to a
> document whose ancestor chain is all HTTPS, then it's probably worth
> considering, at least in the short run.

Are we actually blocking fetch()'s no CORS mode? Or is that allowed to
cross the HTTPS to HTTP boundary? I guess it would have to be allowed,
otherwise using service workers would break sites that depend on HTTP
assets, but allowing it also seems rather shitty.


Received on Thursday, 13 November 2014 09:56:04 UTC