[MIX] Interaction between HSTS and mixed content blocking

From: Brian Smith <brian@briansmith.org>
Date: Wed, 19 Nov 2014 13:07:50 -0800
Message-ID: <CAFewVt7f7XZ+pBy06jBHrSLMHBKiUP29Zvx7B7BHesvfZPmbdg@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

The mixed content document should specify how http:// links for HSTS
origins work: does the blocking happen before or after the internal

See Henri Sivonen's comment here:

In particular, see the message he cited, regarding how browsers'
current behavior is problematic for w3.org:

I lean toward what Henri suggested: developer tools should make noise,
but the browser should do the redirect to the HTTPS origin instead of

Received on Wednesday, 19 November 2014 21:08:18 UTC