W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?

From: Ingo Chao <i4chao@googlemail.com>
Date: Sat, 13 Nov 2010 23:37:58 +0100
Message-ID: <AANLkTinCad7Noh9n9Wmj_+2Yf3wTcYW=tT8ZyXZ6n_WU@mail.gmail.com>
2010/11/13 timeless <timeless at gmail.com>:
> On Sat, Nov 13, 2010 at 2:52 PM, Ingo Chao <i4chao at googlemail.com> wrote:
>> The mashup combines components, some of them are not under my control.
>> The advertisement service provides 3rd party ads, they will change
>> often.
>
>> Including the ad service means that I never know if and when
>> someone throws in http content into the mix.
>
> You need a better contract with your advertiser. You need to demand
> that they don't provide non https content.
>
> Besides, no advertiser in their right mind wouldn't want to know that
> you only want https content. Each time your users load a page and the
> advertiser fails to load an ad, the advertiser loses money.
>

Good contracts with the component's providers of a mashup are
neccessary, but not sufficient to resolve the mixed https/http issue
in reality. Another ingredient for a secure mashup would be the event
I am proposing, to alert the mashup's owner that something was going
wrong, by mistake. That a component was loaded insecure.

Thanks,
Ingo
Received on Saturday, 13 November 2010 14:37:58 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC