- From: Mike West <mkwst@google.com>
- Date: Wed, 22 Jul 2015 13:46:01 +0200
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Cc: Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>
- Message-ID: <CAKXHy=cdssABVc=-7p_Dpc_HkzhJ87+=fHKuQ+OBST1F4k1qbA@mail.gmail.com>
This is a CfC to take the following version of MIX back to CR for another month: https://w3c.github.io/webappsec/specs/mixedcontent/published/2015-08-CR.html Based on feedback during the review period for MIX, we've made two substantive changes to the document since the CR we published in February: 1. We dropped the "Deprecated TLS-protection" concept which was marked as "at-risk" in the original CR. 2. As discussed in https://lists.w3.org/Archives/Public/public-webappsec/2015Jul/0137.html, we've changed MIX to handle passthrough `fetch()` requests inside Service Workers as optionally-blockable if they're triggered from optionally-blockable Document-generated requests. Other editorial changes which can be found in their entirety at https://github.com/w3c/webappsec/commits/master/specs/mixedcontent/index.src.html . Also of note: we now have substantial test coverage at https://github.com/w3c/web-platform-tests/tree/master/mixed-content. We'll need to add tests for the Service Worker behavior we expect to see now, but there's already very solid overlap in behavior between Chrome, Firefox, Safari, and IE, such that I hope advancement to PR will be relatively straightforward. The deadline for this CfC is one week from today, July 29th. As always, explicit feedback to public-webappsec@w3.org is appreciated. :) Thanks! -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Wednesday, 22 July 2015 11:46:49 UTC