W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2016

CfC: Republish "Mixed Content" as CR; deadline July 27th.

From: Mike West <mkwst@google.com>
Date: Wed, 20 Jul 2016 11:34:33 +0200
Message-ID: <CAKXHy=eNDiZL5xMj4eW0nKqt-bXi50h2HjHgbVLsDAxVk4rNqQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, Dan Veditz <dveditz@mozilla.com>, Brad Hill <hillbrad@gmail.com>
Hello, webappsec!

Based on the discussion in the public-webappsec thread starting at [1],
our face-to-face at [2], and our recent call at [3], I'd like to refresh
the Mixed Content CR with the following document that aligns mixed
content's checks with Secure Context's definition of
potentially trustworthy URLs:

https://w3c.github.io/webappsec-mixed-content/CR.html

Among other things, this means that `http://127.0.0.1/` will not
be considered mixed content when loaded in an otherwise secure page.

The deadline for this CfC is in one week, July 27th, with as short a CR
period as possible in the hopes of taking it to PR in the TPAC
timeframe. Feedback,
both positive and negative is welcome, either directly to the list, or via
some sort of clever emoji response to
*https://github.com/w3c/webappsec-mixed-content/issues/6
<https://github.com/w3c/webappsec-mixed-content/issues/6>*.

[1]: https://lists.w3.org/Archives/Public/public-webappsec/2016Apr/0044.html
[2]: https://www.w3.org/2016/05/16-webappsec-minutes.html#item05
[3]: https://www.w3.org/2016/07/13-webappsec-minutes.html#item05


-mike
Received on Wednesday, 20 July 2016 09:35:35 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:20 UTC