Re: CfC: Mixed Content to Last Call?

On Thu, Oct 30, 2014 at 9:35 AM, Mike West <mkwst@google.com> wrote:
>
>> All these terms get irky when you apply them to resources created from
>> blob or data URLs.
>
> +Chris Palmer, who loves nothing more than naming things.
>

How about this: let's avoid the problem entirely by just answering the
question "Can I use powerful features in this context?":
https://w3c.github.io/webappsec/specs/mixedcontent/#powerful-features


>
>> > I don't believe there are any substantive controversies remaining, but if
>> > I've missed anything, this CfC is a nice forcing function to get it out into
>> > the open. :)
>>
>> I think it is still problematic that it tries to make claims based on
>> origins. I thought the idea was to do away with that and instead base
>> those checks on objects that can actually make assertions about involvement
>> of TLS or localhost, namely responses and environment settings
>> objects.
>>
>
> Hrm. Yeah, I did want to do something with that. I'll poke at it today.
>

Rewrote the section, as above. Take a look!

-mike


--
Mike West <mkwst@google.com>

Received on Thursday, 30 October 2014 11:48:02 UTC