[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?

Ingo Chao i4chao at googlemail.com
Sat Nov 13 04:52:50 PST 2010

2010/11/13, Anne van Kesteren <annevk at opera.com>:
> On Fri, 12 Nov 2010 23:02:16 +0100, Ingo Chao <i4chao at googlemail.com>
> wrote:
>> An event that says 'something was loaded insecurely' would be helpful.
>> No need to report the URL, and no need to have the ability to prevent
>> the loading in the first place.
>> The bug reporting tool of the mashup page would inform me that the
>> mixed content warning event was fired. These issues have to be
>> investigated manually in any case.
> Maybe this is something that should be warned for in the error console
> instead then? Why does this need to be an API exposed to the web?

The mashup combines components, some of them are not under my control.
The advertisement service provides 3rd party ads, they will change
often. Including the ad service means that I never know if and when
someone throws in http content into the mix.
The error console would show the issue to me, but does not report
automatically. I don't want to be dependent on user's bug reports
regarding the warning they see occasionally. Users get upset, or think
that they'd better leave is insecure place, but usually they won't
file a but report. I need to get this info as soon as the event fires.

I've seen this scenario on some https mashups, like web mail services
that inluce ad servises into their mashup.

> --
> Anne van Kesteren
> http://annevankesteren.nl/

Ingo Chao

More information about the whatwg mailing list