Re: Mixed Content Level 2

From: Tanvi Vyas <tanvi@mozilla.com>
Date: Thu, 8 Feb 2018 11:49:35 -0800
Message-ID: <CALC7Gs5KAA6wZHgqK=0fd-OgBALu=hidHixas7S-KV0H5Zvb_g@mail.gmail.com>
To: John Wilander <wilander@apple.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

Hey John,

A few of us are actually getting together to discuss this the day before
our next webappsec call.  I will invite you as well.  We at Mozilla have a
few other proposals, including the one where we strip cookies from passive
content.  We can get together and discuss all our different ideas and take
it from there.


On Thu, Feb 8, 2018 at 11:33 AM, John Wilander <wilander@apple.com> wrote:

> Hi WebAppSec!
> Emily brought up the idea of upgrading rather than blocking mixed content
> requests during TPAC:
> https://www.w3.org/2017/11/07-webappsec-minutes.html#item02
> We are positive about trying to do this and it seems Mozilla is too. Microsoft
> is tentatively negative because of breakage and perf. (Please correct me if
> my interpretation is wrong.)
> The issue the WG kind of left open was HTTP image requests with some
> specific references to image search in Google and Bing. Tanvi mentioned
> stripping cookies as a middle way if we have to still support mixed images.
> Is Mixed Content Level 2 a thing? Are any of the browsers doing something
> in this space, especially auto-upgrade?
>    Regards, John

Received on Thursday, 8 February 2018 19:49:59 UTC