- From: Mike West <mkwst@google.com>
- Date: Wed, 5 Aug 2015 09:48:12 +0200
- To: Brad Hill <hillbrad@gmail.com>
- Cc: Anne van Kesteren <annevk@annevk.nl>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=fOuJUNT-0R+3zzAED+_zxpzMC-4Qu1j-T2adh-4mCNyQ@mail.gmail.com>
Last I heard, Anne was going to decide whether we would end up defining the "Is X a passthrough request?" property in MIX or Fetch. I don't have a strong opinion either way. That said, I'm also on a beach in Italy right now, and will be through Saturday. It would be lovely if I could update MIX according to Anne's decision on Monday, but I won't get to it before then. -mike On Aug 5, 2015 01:51, "Brad Hill" <hillbrad@gmail.com> wrote: > After reading this thread, it seems to have reached a conclusion, and I > see that there is one new issue opened related to displaying Mixed Content > UI when something insecure if fetched or retrieved from the Cache API. > https://github.com/w3c/webappsec/issues/412 > > I do not see any PRs to address this issue. > > Is this: > > 1) A consensus blocker? > 2) Something that can be done entirely in Fetch, or does it require > changes to MIX? > 3) Acceptable as a Level 2 feature? > > -Brad > > On Thu, Jul 30, 2015 at 4:22 AM Mike West <mkwst@google.com> wrote: > >> I think this is the semantic we need for MIX. If you implement it in >> Fetch, brilliant. If not, I think I'll need to implement it in MIX, which >> is less brilliant, but fine. >> >> -mike >> On Jul 30, 2015 12:41, "Anne van Kesteren" <annevk@annevk.nl> wrote: >> >>> On Thu, Jul 30, 2015 at 12:26 PM, Mike West <mkwst@google.com> wrote: >>> > Still, examining the `window` and `client` property sees like a >>> strange way >>> > of asking "Is this a passthrough request?" One way of dealing with that >>> > indirection is to bake it into Fetch. Another is to rewrite the >>> algorithm in >>> > MIX to make more sense. It sounds like you'd prefer the latter, Anne. >>> >>> I'm not sure, I haven't made up my mind. Indicating "passthrough" in >>> some way might have value elsewhere too, though I can't immediately >>> think of anything. It is a bit weird how this works out for MIX, but >>> copying context over for three values where that has use seems wrong >>> too. And we definitely need to keep client/window around for a whole >>> bunch of things. >>> >>> >>> -- >>> https://annevankesteren.nl/ >>> >>
Received on Wednesday, 5 August 2015 07:48:42 UTC