- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Thu, 5 Feb 2015 21:39:31 -0800
- To: Mike West <mkwst@google.com>
- Cc: Joel Weinberger <jww@google.com>, Emily Stark <estark@google.com>, Jim Manico <jim.manico@owasp.org>, Ryan Sleevi <sleevi@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>, Adam Langley <agl@google.com>
> > I believe that ServiceWorker has even less chance of distinguishing an > extension-driven request from a "real" request, given its distance from the > point where the content is injected. Can you elaborate on the mechanism > you'd like to see? hmm..I got the sense that there were two different (a bit entangled) discussions in this email. 1) How to detect places where a site is using http and 2) how to upgrade it to https (possibly via a directive or via JS). I was focusing on the latter when talking about ServiceWorkers. I guess it doesn't help in cases where you don't actually support HTTPS in some obscure origin and thus can't upgrade automatically. cheers Dev > -mike > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, > Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: > Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Friday, 6 February 2015 05:40:19 UTC