W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?

From: Ingo Chao <i4chao@googlemail.com>
Date: Thu, 11 Nov 2010 21:06:39 +0100
Message-ID: <AANLkTimMM9Y5+3NdUXZAPMHCU=dwSHKw+v0oY_mQjH_x@mail.gmail.com>
2010/11/11, timeless <timeless at gmail.com>:
> On Thu, Nov 11, 2010 at 12:17 PM, Ingo Chao <i4chao at googlemail.com> wrote:
>> For automated error reporting, say for a HTTPS mashup page with 3rd
>> party advertisement content, I would like to have a security warning
>> thrown for the mixed content situation (HTTPS mixed with HTTP
>> content), accessible from JavaScript.
>> Would that be possible to specify?
> sounds like it's asking for information disclosure.
> so offhand, i'd say "no".
> Use a web debugger (DragonFly, Firebug, ...).

I use a web debugger for testing a control sample, but It does not
help much until I know that every single ad is delivered via https.
Usually, I don't know. For https mashups, users will see always a few
security warnings in IE or Chrome, because a few components will be
delivered via http. Thats good, but I would like to know that, too.
The mashup should report that automatically. Hence my question
regarding a warning which is accessible via JS.



Ingo Chao
Received on Thursday, 11 November 2010 12:06:39 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC