+1 On Fri, Jul 17, 2015 at 4:45 AM Mike West <mkwst@google.com> wrote: > I'm reliably informed that I'm simply incorrect about Chrome's behavior: > Alex says that Flipboard is already using a Service Worker, and relies on > the ability to cache insecure image content. That surprises me a bit, since > the mixed content implementation in Blink doesn't have an obvious > exclusion, but I don't doubt his claim. > > Nevertheless, I believe we decided in the F2F earlier this week to > transition the document to PR as it stands, and to come back to the > question of exclusions (both for SW and for things like EME) in a "Level 2" > document (Brad, Wendy, does that match your recollection?). > > -mike > > -- > Mike West <mkwst@google.com>, @mikewest > > Google Germany GmbH, Dienerstrasse 12, 80331 München, > Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der > Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth > Flores > (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) > > On Wed, Jul 8, 2015 at 8:52 PM, Brian Smith <brian@briansmith.org> wrote: > >> Brian Smith <brian@briansmith.org> wrote: >> >>> Read what Mike said again. He said that it might be something to change >>> in the NEXT version of Mixed Content, not the current version. He also said >>> that mixed content "fetch" is blocked in Chrome the way the current draft >>> says to do things. >>> >> >> Reading the source code for the Mozilla Firefox browser [1], I see that >> Firefox has also explicitly chosen to block mixed-content 'fetch'. >> >> (I also saw that it is mistakenly not blocking mixed content 'beacon' and >> 'ping'. I filed bug >> >> [1] >> https://dxr.mozilla.org/mozilla-central/source/dom/security/nsMixedContentBlocker.cpp#423 >> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1181683 >> > >
Received on Friday, 17 July 2015 16:44:51 UTC