- From: Tanvi Vyas <tanvi@mozilla.com>
- Date: Thu, 8 Feb 2018 11:49:35 -0800
- To: John Wilander <wilander@apple.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Thursday, 8 February 2018 19:49:59 UTC
Hey John,

A few of us are actually getting together to discuss this the day before our next webappsec call. I will invite you as well. We at Mozilla have a few other proposals, including the one where we strip cookies from passive content. We can get together and discuss all our different ideas and take it from there.

~Tanvi

On Thu, Feb 8, 2018 at 11:33 AM, John Wilander <wilander@apple.com> wrote:

> Hi WebAppSec!
>
> Emily brought up the idea of upgrading rather than blocking mixed content
> requests during TPAC:
> https://www.w3.org/2017/11/07-webappsec-minutes.html#item02
>
> We are positive trying to do this and it seems Mozilla is too. Microsoft
> is tentatively negative because of breakage and perf. (Please correct me if
> my interpretation is wrong.)
>
> The issue the WG kind of left open was HTTP image requests with some
> specific references to image search in Google and Bing. Tanvi mentioned
> stripping cookies as a middle way if we have to still support mixed images.
>
> Is Mixed Content Level 2 a thing? Are any of the browsers doing something
> in this space, especially auto-upgrade?
>
> Regards, John