W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: Upgrade mixed content URLs through HTTP header

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 4 Feb 2015 09:07:03 +0100
Message-ID: <CADnb78hTqMUi7wwWDOF6ArmH_b5jo0D0-vu_L3HsVPgYin5mrw@mail.gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: Tom Ritter <tom@ritter.vg>, Mike West <mkwst@google.com>, Ryan Sleevi <sleevi@google.com>, "Eduardo' Vela" <evn@google.com>, Wendy Seltzer <wseltzer@w3.org>, Adam Langley <agl@google.com>, WebAppSec WG <public-webappsec@w3.org>, Peter Eckersley <pde@eff.org>
On Wed, Feb 4, 2015 at 5:46 AM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> However, I see no reason that we should avoid coupling opportunistic
> upgrade for blocked mixed content for sites already using STS.  Is there
> a coupling objection to this use case that i'm missing?

Simplicity. Let HSTS not have unanticipated side effects. Note also
that what is blockable mixed content is not a constant.


-- 
https://annevankesteren.nl/
Received on Wednesday, 4 February 2015 08:07:27 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC