- From: Gregory Maxwell <gmaxwell@gmail.com>
- Date: Sat, 13 Nov 2010 20:00:34 -0500
On Sat, Nov 13, 2010 at 5:37 PM, Ingo Chao <i4chao at googlemail.com> wrote: > 2010/11/13 timeless <timeless at gmail.com>: [snip] > Good contracts with the component's providers of a mashup are > neccessary, but not sufficient to resolve the mixed https/http issue > in reality. Another ingredient for a secure mashup would be the event > I am proposing, to alert the mashup's owner that something was going > wrong, by mistake. That a component was loaded insecure. This sounds to me like the kind of reasoning which resulted in the CSP policy set stuff: https://developer.mozilla.org/en/Security/CSP (and, in particular, the violation reports)
Received on Saturday, 13 November 2010 17:00:34 UTC