- From: Brad Hill <hillbrad@gmail.com>
- Date: Tue, 21 Jul 2015 16:11:58 +0000
- To: Ben Gidley <ben@gidley.co.uk>, public-webappsec@w3.org
- Message-ID: <CAEeYn8hH947Mwax62RFBfBmx3_1O8=Hc0hSEM6nfYcY8FWOc1Q@mail.gmail.com>
There was a proposal of this sort (not a blanket exception, but a safer way to allow for video-over-HTTP to HTTPS pages) by Ryan Sleevi, the start of the thread can be found here: https://lists.w3.org/Archives/Public/public-webappsec/2015Feb/0371.html We discussed this last week at our face-to-face in Berlin, and the feel of the room seemed to be that the proposal was technically sound, we weren't sure who exactly the customers of it would be. I think Ryan had Netflix in mind given their previous reluctance to move to TLS for delivery, but with that resolved, nobody has publicly stepped up as wanting to adopt such a solution. Our informal rule of thumb in this group is that we've wanted expressions of interest from two "customers" of a feature before we start working on something. Ben, do you maintain a player like this, or know someone who does, who would be willing to examine and comment on Ryan's proposal? thanks, Brad Hill On Tue, Jul 21, 2015 at 1:45 AM Ben Gidley <ben@gidley.co.uk> wrote: > I'd like to ask if you've considered how this proposal effects MPEG-DASH > players using Media Source Extensions? > > I've been using DASH players and they generally all break with today's > behavior on Chrome/Firefox is you're using a HTTPS page with a HTTP CDN for > the video content. This is because they mostly fetch content via XHR for > processing in their media source extension. > > It's not very desirable to push all video over SSL (as it breaks in > network caching commonly deployed by Telco's/ISP's) - is it possible to > consider a scheme to allow a media source extension to tech video? > > > > -- > Ben Gidley > > www.gidley.co.uk > ben@gidley.co.uk >
Received on Tuesday, 21 July 2015 16:12:36 UTC