Re: An HTTP->HTTPS upgrading strawman. (was Re: Upgrade mixed content URLs through HTTP header)

On Tue, Feb 3, 2015 at 4:40 PM, Eduardo' Vela" <Nava> <evn@google.com> wrote:
> I was hoping this would work as a *-src directive, since there are sites
> that will (for ever) need to fetch http:// resources over XHR (eg,
> Chromecast).

That is blocked already. (XMLHttpRequest (CORS, more generally) does
not allow for Mixed Content.) What am I missing?


-- 
https://annevankesteren.nl/

Received on Tuesday, 3 February 2015 15:47:52 UTC