On Thu, Aug 6, 2015 at 11:20 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>
> > IMO, it is better to do in Fetch, because then (a) more specifications
> can
> > reference it, (b) people working on changing Fetch and Fetch-based things
> > may more easily notice that it is something that needs to be considered.
> and
> > (c) it is easy to tweak the Fetch spec to improve the definition later,
> if
> > necessary, than it is to improve MIX.
>
> (c) seems like a bug.
Yes and no, but it's certainly true that we're moving slower than I'd like
on this and other specs. That's partially a process problem, and partially
a "Mike is doing too many things at once, and all poorly." problem.
> (b) rings true. As for (a), nobody could think
> of any other specifications. The other problem I have is how I would
> go about defining this.
>
I've taken a stab at this question in
https://github.com/w3c/webappsec/commit/4ddce9f4c7f17c1675a87f84911f3cd6248239f0
(which really just moves around and clarifies the checks already being done
in the spec (and is more easily readable in
https://w3c.github.io/webappsec/specs/mixedcontent/#is-passthrough and the
other algorithm sections)). Adding a bit to the request might be cleaner,
but if the set of properties MIX relies on are in fact reliable, then
there's probably not a real need to add the bit.
WDYT, Brian and Anne?
-mike