Re: HTTPS at W3C.

On Mon, 17 Nov 2014, Mike West wrote:

> On Mon, Nov 17, 2014 at 7:13 PM, Ted Guild <ted@w3.org> wrote:

> It seems here that you're letting perfect be the enemy of good. For
> example, I'd be a little bit happier if I could choose to point people to
> https://www.w3.org/TR/mixed-content/ without being redirected to HTTP.
> That's more or less what `tools.ietf.org` seems to be doing, and it's
> certainly better than nothing.
>
>> * Mixed content warning algorithms are based on the page as it is
>> retrieved and not as it is served.
>
>
> I'm sure you're aware of this, but that is intentional behavior.
>
>> So even with HSTS and us redirecting
>> all HTTP to the corresponding HTTPS our users will get inundated with
>> mixed content warnings.
>
>
> Until you fix the underlying resources. :)

We have tons of historic content that can't be upgraded. There is a plan 
to rewrite all the mailing list archives as it can be relatively easy to 
regenerate.

So if the behaviour in https://bugzilla.mozilla.org/show_bug.cgi?id=838395
is intentional to force people to upgrade references, it is still 
problematic to display a warning that is untrue.

Even worse than that, if https://www.example.com/ refers to 
https://www.example.com/asset/foo, then https://www.example.com/asset/foo 
is redirected to http://www.example.com/asset/foo, then the icon basically 
says that everything was securely transferred, which was NOT the case. Is 
that an intentional behaviour? :)

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves

Received on Wednesday, 19 November 2014 12:20:58 UTC
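
Added example, not part of the original message: a small offline audit that separates the two cases discussed in this thread, an `http://` reference that is only later redirected to HTTPS and an `https://` reference whose redirect chain drops to HTTP. The page HTML, the redirect table and the names `audit`, `chain` and `SubresourceCollector` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample data (not taken from the thread): one HTTPS page and the
# redirects its server would answer with, keyed by requested URL.
PAGE_URL = "https://www.example.com/"
PAGE_HTML = """<html><head>
<link rel="stylesheet" href="/asset/foo">
<script src="http://www.example.com/asset/old.js"></script>
<script src="https://www.example.com/asset/ok.js"></script>
</head><body><img src="/asset/logo.png"></body></html>"""
REDIRECTS = {
    "https://www.example.com/asset/foo": "http://www.example.com/asset/foo",
    "http://www.example.com/asset/old.js": "https://www.example.com/asset/old.js",
}

class SubresourceCollector(HTMLParser):
    """Collects URLs that are fetched automatically while the page loads."""
    # Simplification: every <link href> is treated as a subresource, whatever its rel.
    ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self, base):
        super().__init__()
        self.base, self.urls = base, []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(self.ATTRS.get(tag))
        if value:
            self.urls.append(urljoin(self.base, value))

def chain(url, redirects, limit=10):
    """Returns every URL visited when following redirects from url."""
    hops = [url]
    while hops[-1] in redirects and len(hops) <= limit:
        hops.append(redirects[hops[-1]])
    return hops

def audit(page_url, html, redirects):
    """Classifies each subresource of an HTTPS page by its redirect chain."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    report = {}
    for url in collector.urls:
        schemes = [urlsplit(hop).scheme for hop in chain(url, redirects)]
        if schemes[0] == "http":
            report[url] = "mixed-as-requested"      # referenced over http://
        elif "http" in schemes:
            report[url] = "downgraded-by-redirect"  # https:// that ends up on http://
        else:
            report[url] = "secure"
    return report
```

In a real audit the redirect table would be filled from the `Location` headers the server actually returns for each collected URL.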