Re: Subresource integrity and mixed-content warnings

On Mon, May 23, 2016 at 12:04 PM, Frederik Creemers <> wrote:

Thank you for the reply, it makes total sense. It looks to me like the
> biggest issue here is transparency to the user. Security and privacy are
> complicated, even for tech savvy people, and you can't expect most people
> to take the time to overthink what security guarantees a particular web
> application they're using does and does not offer, so I understand browsers
> want to give users a very clear "this website is secure" or "this website
> is not secure" signal. Your response has also made me realize that there's
> no workaround for this that I can implement, as there's nothing that I can
> set up to magically make the connection between the user's browser and the
> podcaster's server secure (authenticated and encrypted).

Well, technically, it would be possible to lie. You could have your server
proxy the original podcast servers, and then the browsers would think that
the podcasts came from

But, that would be lying :) and it would also incur heavy bandwidth costs
on you. Also, I am not a lawyer, but it might be that not all podcast
publishers would approve of such a plan.

I guess the only thing I can do is hope that media servers start accepting
> secure connections as quickly as possible.

If it makes you feel any better, you're not alone. :)

Received on Monday, 23 May 2016 19:11:59 UTC