W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2018

Re: Mixed Content Level 2

From: Patrick Kettner <patket@microsoft.com>
Date: Thu, 8 Feb 2018 23:48:17 +0000
To: John Wilander <wilander@apple.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <MWHPR00MB026973D06EA4542FE0CAB7F4DEF30@MWHPR00MB0269.namprd00.prod.outlook.com>
> Microsoft is tentatively negative because of breakage and perf. (Please correct me if my interpretation is wrong.)

I missed this conversation, but after a syncing with angelo (who seems to be the one voicing this in the minutes) the opinion isn't that strong of one.

We don't have any plans to implement this, but are not against it. And while thinking about it out loud, wondered if there was a potential for a noticeable performance hit on legacy apps (who would likely never be updated).

Less of a negative, more of a "eh..."


cheers

patrick

________________________________
From: wilander@apple.com <wilander@apple.com> on behalf of John Wilander <wilander@apple.com>
Sent: Thursday, February 8, 2018 11:33 AM
To: public-webappsec@w3.org
Subject: Mixed Content Level 2

Hi WebAppSec!

Emily brought up the idea of upgrading rather than blocking mixed content requests during TPAC:
https://www.w3.org/2017/11/07-webappsec-minutes.html#item02

We are positive trying to do this and it seems Mozilla is too. Microsoft is tentatively negative because of breakage and perf. (Please correct me if my interpretation is wrong.)

The issue the WG kind of left open was HTTP image requests with some specific references to image search in Google and Bing. Tanvi mentioned stripping cookies as a middle way if we have to still support mixed images.

Is Mixed Content Level 2 a thing? Are any of the browsers doing something in this space, especially auto-upgrade?

   Regards, John
Received on Thursday, 8 February 2018 23:48:43 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 8 February 2018 23:48:44 UTC