[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?

Gregory Maxwell gmaxwell at gmail.com
Sat Nov 13 17:00:34 PST 2010


On Sat, Nov 13, 2010 at 5:37 PM, Ingo Chao <i4chao at googlemail.com> wrote:
> 2010/11/13 timeless <timeless at gmail.com>:
[snip]
> Good contracts with the component's providers of a mashup are
> neccessary, but not sufficient to resolve the mixed https/http issue
> in reality. Another ingredient for a secure mashup would be the event
> I am proposing, to alert the mashup's owner that something was going
> wrong, by mistake. That a component was loaded insecure.

This sounds to me like the kind of reasoning which resulted in the CSP
policy set stuff:

https://developer.mozilla.org/en/Security/CSP

(and, in particular, the violation reports)



More information about the whatwg mailing list