[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?
Ingo Chao
i4chao at googlemail.com
Sat Nov 13 14:37:58 PST 2010
2010/11/13 timeless <timeless at gmail.com>:
> On Sat, Nov 13, 2010 at 2:52 PM, Ingo Chao <i4chao at googlemail.com> wrote:
>> The mashup combines components, some of them are not under my control.
>> The advertisement service provides 3rd party ads, they will change
>> often.
>
>> Including the ad service means that I never know if and when
>> someone throws in http content into the mix.
>
> You need a better contract with your advertiser. You need to demand
> that they don't provide non https content.
>
> Besides, no advertiser in their right mind wouldn't want to know that
> you only want https content. Each time your users load a page and the
> advertiser fails to load an ad, the advertiser loses money.
>
Good contracts with the component's providers of a mashup are
necessary, but not sufficient to resolve the mixed https/http issue
in reality. Another ingredient for a secure mashup would be the event
I am proposing, to alert the mashup's owner that something was going
wrong, by mistake. That a component was loaded insecurely.
Thanks,
Ingo
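
An added example, not part of the original message or of any WHATWG proposal: one way a mashup owner can notice that a third-party component pulled in plain-http content on an https page. It assumes the list of loaded URLs comes from the browser's Resource Timing entries; the function names and sample URLs are constructed for illustration.

```javascript
// Constructed sample: entries shaped like PerformanceResourceTiming objects.
const SAMPLE_RESOURCES = [
  { name: 'https://cdn.example.com/app.js', initiatorType: 'script' },
  { name: 'http://ads.example.net/banner.gif', initiatorType: 'img' },
  { name: '//static.example.org/site.css', initiatorType: 'link' },
  { name: 'http://ads.example.net/track.js', initiatorType: 'script' },
];

// Return the entries fetched over http: or ws: while the page itself is https:.
function findInsecureResources(pageUrl, resources) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return []; // mixed content only exists on secure pages
  const insecure = [];
  for (const r of resources) {
    let url;
    try {
      url = new URL(r.name, page); // resolves relative and protocol-relative URLs
    } catch (e) {
      continue; // unparsable entry, nothing to classify
    }
    if (url.protocol === 'http:' || url.protocol === 'ws:') {
      insecure.push({ url: url.href, host: url.host, initiator: r.initiatorType || 'unknown' });
    }
  }
  return insecure;
}

// Group findings per host so the owner can see which provider is responsible.
function summarizeByHost(findings) {
  const byHost = {};
  for (const f of findings) {
    (byHost[f.host] = byHost[f.host] || []).push(f.url);
  }
  return byHost;
}

// Browser wiring (skipped outside a browser): check what the page loaded and
// warn the owner; a real deployment would send the summary to its own endpoint.
if (typeof window !== 'undefined' && typeof performance !== 'undefined') {
  window.addEventListener('load', () => {
    const findings = findInsecureResources(location.href, performance.getEntriesByType('resource'));
    if (findings.length) console.warn('insecure components loaded', summarizeByHost(findings));
  });
}
```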