W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: CfC: Republish MIX as CR; deadline July 29th.

From: Mike West <mkwst@google.com>
Date: Thu, 30 Jul 2015 10:01:56 +0200
Message-ID: <CAKXHy=diZDoNMMAJbM+uGBkDGubLoJcs2pSrJnWXJyuMtQ9pLQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Brian Smith <brian@briansmith.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>
On Tue, Jul 28, 2015 at 7:38 PM, Anne van Kesteren <annevk@annevk.nl> wrote:

> > In particular, my understanding of what was agreed is that a service
> worker
> > should be allowed to forward (unmodified) http:// requests for <img
> src>,
> > <video src>, and <audio src>, but otherwise any other http:// fetch in
> an
> > HTTPS document should be disallowed. But it is unclear that that is what
> the
> > document says.
> That doesn't really match my understanding.

What is your understanding of what we agreed on earlier in the thread?
Brian's description matches my understanding of what we talked about in


Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Thursday, 30 July 2015 08:02:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:50 UTC