Hello, webappsec!
Based on the discussion in the public-webappsec thread starting at [1],
our face-to-face at [2], and our recent call at [3], I'd like to refresh
the Mixed Content CR with the following document that aligns mixed
content's checks with Secure Context's definition of
potentially trustworthy URLs:
https://w3c.github.io/webappsec-mixed-content/CR.html
Among other things, this means that `http://127.0.0.1/` will not
be considered mixed content when loaded in an otherwise secure page.
The deadline for this CfC is in one week, July 27th, with as short a CR
period as possible in the hopes of taking it to PR in the TPAC
timeframe. Feedback, both positive and negative, is welcome, either
directly to the list, or via some sort of clever emoji response to
https://github.com/w3c/webappsec-mixed-content/issues/6.
[1]: https://lists.w3.org/Archives/Public/public-webappsec/2016Apr/0044.html
[2]: https://www.w3.org/2016/05/16-webappsec-minutes.html#item05
[3]: https://www.w3.org/2016/07/13-webappsec-minutes.html#item05
-mike
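
The alignment described in the message above, as an added sketch that is not part of the original message or of the specification text: a resource is mixed content only if the embedding page is potentially trustworthy and the resource URL is not. The function names and the `example.com` / `example.org` URLs are assumptions, and only network schemes and loopback IP literals are modelled.

```javascript
// Added illustration: a simplified sketch, not the normative algorithm.
// Only network schemes are modelled; about:, data:, blob: and file: are out of scope,
// as are hostnames that merely resolve to a loopback address.
const AUTHENTICATED_SCHEMES = new Set(["https:", "wss:"]);

// True for an IPv4 literal in 127.0.0.0/8 or the IPv6 loopback literal ::1.
// The URL parser has already canonicalised short forms such as "127.1".
function isLoopbackLiteral(hostname) {
  if (hostname === "[::1]") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(hostname);
  return m !== null && Number(m[1]) === 127;
}

// Hypothetical helper standing in for the "potentially trustworthy URL" check.
function isPotentiallyTrustworthy(urlString) {
  const url = new URL(urlString);
  return AUTHENTICATED_SCHEMES.has(url.protocol) || isLoopbackLiteral(url.hostname);
}

// A load is mixed content only when the embedding page is itself trustworthy
// and the resource URL is not.
function isMixedContent(pageUrl, resourceUrl) {
  return isPotentiallyTrustworthy(pageUrl) && !isPotentiallyTrustworthy(resourceUrl);
}

// Constructed sample URLs, evaluated against a constructed secure page.
const page = "https://example.com/";
const samples = [
  "http://127.0.0.1/",             // loopback literal: not mixed
  "http://[::1]:8080/api",         // IPv6 loopback literal: not mixed
  "https://example.org/app.js",    // authenticated scheme: not mixed
  "http://example.org/img.png",    // plain HTTP to a remote host: mixed
  "http://127.0.0.1.example.org/", // lookalike hostname, not an IP literal: mixed
];
for (const resource of samples) {
  console.log(resource, "->", isMixedContent(page, resource) ? "mixed" : "not mixed");
}
```
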