W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: CfC: Republish MIX as CR; deadline July 29th.

From: Mike West <mkwst@google.com>
Date: Thu, 30 Jul 2015 10:01:56 +0200
Message-ID: <CAKXHy=diZDoNMMAJbM+uGBkDGubLoJcs2pSrJnWXJyuMtQ9pLQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>
On Tue, Jul 28, 2015 at 7:38 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> > In particular, my understanding of what was agreed is that a service
> worker
> > should be allowed to forward (unmodified) http:// requests for <img
> src>,
> > <video src>, and <audio src>, but otherwise any other http:// fetch in
> an
> > HTTPS document should be disallowed. But it is unclear that that is what
> the
> > document says.
>
> That doesn't really match my understanding.
>

What is your understanding of what we agreed on earlier in the thread?
Brian's description matches my understanding of what we talked about in
https://lists.w3.org/Archives/Public/public-webappsec/2015Jul/0123.html.

-mike

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 30 July 2015 08:02:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC