W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?

From: Ingo Chao <i4chao@googlemail.com>
Date: Fri, 12 Nov 2010 23:02:16 +0100
Message-ID: <AANLkTimTdZj3AbH1rEYN2pZEZ0=u=y0ZsO-0F6RK1m9R@mail.gmail.com>
2010/11/12, Daniel Veditz <dveditz at mozilla.com>:
> On 11/11/10 12:06 PM, Ingo Chao wrote:
>> For https mashups, users will see always a few
>> security warnings in IE or Chrome, because a few components will be
>> delivered via http. Thats good, but I would like to know that, too.
>> The mashup should report that automatically. Hence my question
>> regarding a warning which is accessible via JS.
>
> What do you want to know, and what will your page do with that?
> Simply that "something" was loaded insecurely? An event that
> something was loaded insecurely so you can stop it from loading?
> Detailed knowledge of what URL was loaded insecurely and by whom
> (not likely to fly)?


An event that says 'something was loaded insecurely' would be helpful.
No need to report the URL, and no need to have the ability to prevent
the loading in the first place.

The bug reporting tool of the mashup page would inform me that the
mixed content warning event was fired. These issues have to be
investigated manually in any case.

thanks
Ingo

>


-- 
Ingo Chao
http://www.satzansatz.de/
Received on Friday, 12 November 2010 14:02:16 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC