W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: Comments on Mixed Content

From: Mike West <mkwst@google.com>
Date: Wed, 14 Jan 2015 12:15:53 +0100
Message-ID: <CAKXHy=cnp5+mW1QQmgWkcv6Ad58dHjyBFzaNpe9gGxxhocRaPA@mail.gmail.com>
To: David Walp <David.Walp@microsoft.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Chris Palmer <palmer@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Jan 14, 2015 at 7:51 AM, Mike West <mkwst@google.com> wrote:

> On Wed, Jan 14, 2015 at 12:03 AM, David Walp <David.Walp@microsoft.com>
> wrote:
>
>> How about instead of "instead return a synthetically generated network
>> error response" the wording "instead be treated as if a network or security
>> error is returned."?
>>
>
> Sure. I'll look at the Fetch spec again and copy/paste whatever the
> current wording for network error is.
>

Looking at the spec again, we've actually dropped this section entirely, as
we're just deferring to the behavior specified in Fetch. I hope that
resolves your concern.

We think we are consistent between Websockets & XHR in our engine under
>> development.  And we think our behavior is the same as Chrome.  Neither
>> should throw an exception.
>>
>
> Ok. Then we'll need to ask the websocket folks to change their spec to
> stop throwing; I'm fine with that as a solution for the same reasons that
> Anne convinced me to be fine with not throwing for XHR.
>

I've updated the editor's draft with this change:
https://w3c.github.io/webappsec/specs/mixedcontent/#websockets-integration.
(
https://github.com/w3c/webappsec/commit/f2730ad4e5125a574bc885883542e57da99cc6c3
).

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 14 January 2015 11:16:41 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC