- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Fri, 19 Dec 2014 20:19:51 +0100
- To: Chris Palmer <palmer@google.com>
- Cc: Tim Berners-Lee <timbl@w3.org>, Mark Nottingham <mnot@mnot.net>, Sam Ruby <rubys@intertwingly.net>, Public TAG List <www-tag@w3.org>
On Fri, Dec 19, 2014 at 8:06 PM, Chris Palmer <palmer@google.com> wrote: > On Fri, Dec 19, 2014 at 9:50 AM, Tim Berners-Lee <timbl@w3.org> wrote: >> The world is big, there are many cases out there, like data mashups, where a blanket move to HTTPS just breaks things. > > If the masher and the mashee are both hosted via secure transport, > there shouldn't be a problem. Right? Tim routinely runs into the problem that the world's data providers not always supply CORS and therefore he would need a proxy for something that could be mostly a client-side application. This sounds like a similar problem. That if his application is delivered over HTTPS, he can no longer access HTTP data resources without a proxy, even if they used CORS, due to Mixed Content. There's no easy answer for either, other than using a proxy. This is becoming a somewhat frustrating answer to give given that "native apps" do not really have this limitation, but they of course have their own share of problems. -- https://annevankesteren.nl/
Received on Friday, 19 December 2014 19:20:18 UTC