W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2015

Re: CfC: Republish MIX as CR; deadline July 29th.

From: Mike West <mkwst@google.com>
Date: Wed, 5 Aug 2015 09:48:12 +0200
Message-ID: <CAKXHy=fOuJUNT-0R+3zzAED+_zxpzMC-4Qu1j-T2adh-4mCNyQ@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Last I heard, Anne was going to decide whether we would end up defining the
"Is X a passthrough request?" property in MIX or Fetch. I don't have a
strong opinion either way.

That said, I'm also on a beach in Italy right now, and will be through
Saturday. It would be lovely if I could update MIX according to Anne's
decision on Monday, but I won't get to it before then.

-mike
On Aug 5, 2015 01:51, "Brad Hill" <hillbrad@gmail.com> wrote:

> After reading this thread, it seems to have reached a conclusion, and I
> see that there is one new issue opened related to displaying Mixed Content
> UI when something insecure if fetched or retrieved from the Cache API.
> https://github.com/w3c/webappsec/issues/412
>
> I do not see any PRs to address this issue.
>
> Is this:
>
> 1) A consensus blocker?
> 2) Something that can be done entirely in Fetch, or does it require
> changes to MIX?
> 3) Acceptable as a Level 2 feature?
>
> -Brad
>
> On Thu, Jul 30, 2015 at 4:22 AM Mike West <mkwst@google.com> wrote:
>
>> I think this is the semantic we need for MIX. If you implement it in
>> Fetch, brilliant. If not, I think I'll need to implement it in MIX, which
>> is less brilliant, but fine.
>>
>> -mike
>> On Jul 30, 2015 12:41, "Anne van Kesteren" <annevk@annevk.nl> wrote:
>>
>>> On Thu, Jul 30, 2015 at 12:26 PM, Mike West <mkwst@google.com> wrote:
>>> > Still, examining the `window` and `client` property sees like a
>>> strange way
>>> > of asking "Is this a passthrough request?" One way of dealing with that
>>> > indirection is to bake it into Fetch. Another is to rewrite the
>>> algorithm in
>>> > MIX to make more sense. It sounds like you'd prefer the latter, Anne.
>>>
>>> I'm not sure, I haven't made up my mind. Indicating "passthrough" in
>>> some way might have value elsewhere too, though I can't immediately
>>> think of anything. It is a bit weird how this works out for MIX, but
>>> copying context over for three values where that has use seems wrong
>>> too. And we definitely need to keep client/window around for a whole
>>> bunch of things.
>>>
>>>
>>> --
>>> https://annevankesteren.nl/
>>>
>>
Received on Wednesday, 5 August 2015 07:48:42 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC