W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 3 Feb 2015 16:47:26 +0100
Message-ID: <CADnb78hYA7ssmax6m60FrxGAJ0bT7xyVnRd3Lo11Q3yU4DVc-A@mail.gmail.com>
To: "Eduardo' Vela <Nava>" <evn@google.com>
Cc: Mike West <mkwst@google.com>, Ryan Sleevi <sleevi@google.com>, Wendy Seltzer <wseltzer@w3.org>, Adam Langley <agl@google.com>, WebAppSec WG <public-webappsec@w3.org>, Peter Eckersley <pde@eff.org>
On Tue, Feb 3, 2015 at 4:40 PM, Eduardo' Vela" <Nava> <evn@google.com> wrote:
> I was hoping this would work as a *-src directive, since there are sites
> that will (for ever) need to fetch http:// resources over XHR (eg,
> Chromecast).

That is blocked already. (XMLHttpRequest (CORS, more generally) does
not allow for Mixed Content.) What am I missing?

Received on Tuesday, 3 February 2015 15:47:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:46 UTC