- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 27 Sep 2016 09:44:16 +0200
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Crispin Cowan <crispin@microsoft.com>, "wilander@apple.com" <wilander@apple.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

On Tue, Sep 27, 2016 at 6:37 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> My 2c: it is just plain weird to allow a seemingly powerful feature
> like connecting to localhost from http sites (insecure contexts) but
> block it from https sites (secure contexts). So, I am all for allowing
> that.

That really depends on whether it is secure or not, no? If we want to establish trust in HTTPS and distrust in HTTP, copying insecure features from HTTP to HTTPS would be a bad move.

--
https://annevankesteren.nl/

Received on Tuesday, 27 September 2016 07:44:47 UTC