
Re: Upgrade mixed content URLs through HTTP header

From: Jim Manico <jim.manico@owasp.org>
Date: Mon, 2 Feb 2015 07:58:20 -0800
Message-ID: <2960862390681949652@unknownmsgid>
To: Mike West <mkwst@google.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, WebAppSec WG <public-webappsec@w3.org>, Ryan Sleevi <sleevi@google.com>, Adam Langley <agl@google.com>
> The only way to support clients that don't support the thing we haven't implemented yet would be to alter the links at the source.

You can always have JavaScript do this for you... Take Clickjacking
defense: Just like X-Frame-Options issues with legacy clients, there
are pure JS framebusting solutions that are reasonable.

--
Jim Manico
@Manicode
(808) 652-3805

> On Feb 2, 2015, at 7:50 AM, Mike West <mkwst@google.com> wrote:
>
> The only way to support clients that don't support the thing we haven't implemented yet would be to alter the links at the source.
Received on Monday, 2 February 2015 15:58:49 UTC
