Re: Subresource integrity and mixed-content warnings

On Mon, May 23, 2016 at 12:04 PM, Frederik Creemers <
frederikcreemers@gmail.com> wrote:

Thank you for the reply, it makes total sense. It looks to me like the
> biggest issue here is transparency to the user. Security and privacy are
> complicated, even for tech savvy people, and you can't expect most people
> to take the time to overthink what security guarantees a particular web
> application they're using does and does not offer, so I understand browsers
> want to give users a very clear "this website is secure" or "this website
> is not secure" signal. Your response has also made me realize that there's
> no workaround for this that I can implement, as there's nothing that I can
> set up to magically make the connection between the user's browser and the
> podcaster's server secure (authenticated and encrypted).
>

Well, technically, it would be possible to lie. You could have your server
proxy the original podcast servers, and then the browsers would think that
the podcasts came from https://yourserver.com.

But, that would be lying :) and it would also incur heavy bandwidth costs
on you. Also, I am not a lawyer, but it might be that not all podcast
publishers would approve of such a plan.

I guess the only thing I can do is hope that media servers start accepting
> secure connections as quickly as possible.
>

If it makes you feel any better, you're not alone. :)

Received on Monday, 23 May 2016 19:11:59 UTC