Re: CfC: Mixed Content to PR; deadline July 6th. from Brian Smith on 2015-07-08 (public-webappsec@w3.org from July 2015)

From: Brian Smith <brian@briansmith.org>
Date: Wed, 8 Jul 2015 14:52:23 -0400
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Ryan Sleevi <sleevi@google.com>, Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>, Brad Hill <hillbrad@gmail.com>, Kristijan Burnik <burnik@google.com>
Message-ID: <CAFewVt5TMQ9Q88xjtZiE6tAm=gsQVY21+kXTtRo4wZ7bNe+5cg@mail.gmail.com>

Brian Smith <brian@briansmith.org> wrote:

> Read what Mike said again. He said that it might be something to change in
> the NEXT version of Mixed Content, not the current version. He also said
> that mixed content "fetch" is blocked in Chrome the way the current draft
> says to do things.
>

Reading the source code for the Mozilla Firefox browser [1], I see that
Firefox has also explicitly chosen to block mixed-content 'fetch'.

(I also saw that it is mistakenly not blocking mixed content 'beacon' and
'ping'. I filed bug

[1]
https://dxr.mozilla.org/mozilla-central/source/dom/security/nsMixedContentBlocker.cpp#423
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1181683

Received on Wednesday, 8 July 2015 18:52:52 UTC