W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2018

Mixed Content Level 2

From: John Wilander <wilander@apple.com>
Date: Thu, 08 Feb 2018 11:33:46 -0800
Message-id: <7F23A7FB-0CCA-4FDD-B27E-776A3D67046E@apple.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi WebAppSec!

Emily brought up the idea of upgrading rather than blocking mixed content requests during TPAC:
https://www.w3.org/2017/11/07-webappsec-minutes.html#item02 <https://www.w3.org/2017/11/07-webappsec-minutes.html#item02>

We are positive trying to do this and it seems Mozilla is too. Microsoft is tentatively negative because of breakage and perf. (Please correct me if my interpretation is wrong.)

The issue the WG kind of left open was HTTP image requests with some specific references to image search in Google and Bing. Tanvi mentioned stripping cookies as a middle way if we have to still support mixed images.

Is Mixed Content Level 2 a thing? Are any of the browsers doing something in this space, especially auto-upgrade?

   Regards, John
Received on Thursday, 8 February 2018 19:34:42 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 8 February 2018 19:34:43 UTC