I'm reliably informed that I'm simply incorrect about Chrome's behavior: Alex says that Flipboard is already using a Service Worker, and relies on the ability to cache insecure image content. That surprises me a bit, since the mixed content implementation in Blink doesn't have an obvious exclusion, but I don't doubt his claim. Nevertheless, I believe we decided in the F2F earlier this week to transition the document to PR as it stands, and to come back to the question of exclusions (both for SW and for things like EME) in a "Level 2" document (Brad, Wendy, does that match your recollection?). -mike -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Wed, Jul 8, 2015 at 8:52 PM, Brian Smith <brian@briansmith.org> wrote: > Brian Smith <brian@briansmith.org> wrote: > >> Read what Mike said again. He said that it might be something to change >> in the NEXT version of Mixed Content, not the current version. He also said >> that mixed content "fetch" is blocked in Chrome the way the current draft >> says to do things. >> > > Reading the source code for the Mozilla Firefox browser [1], I see that > Firefox has also explicitly chosen to block mixed-content 'fetch'. > > (I also saw that it is mistakenly not blocking mixed content 'beacon' and > 'ping'. I filed bug > > [1] > https://dxr.mozilla.org/mozilla-central/source/dom/security/nsMixedContentBlocker.cpp#423 > [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1181683 >
Received on Friday, 17 July 2015 11:45:32 UTC