[whatwg] Encrypted HTTP and related security concerns - make mixed content warnings accessible from JS?
Gregory Maxwell
gmaxwell at gmail.com
Sat Nov 13 17:00:34 PST 2010
On Sat, Nov 13, 2010 at 5:37 PM, Ingo Chao <i4chao at googlemail.com> wrote:
> 2010/11/13 timeless <timeless at gmail.com>:
[snip]
> Good contracts with the component's providers of a mashup are
> neccessary, but not sufficient to resolve the mixed https/http issue
> in reality. Another ingredient for a secure mashup would be the event
> I am proposing, to alert the mashup's owner that something was going
> wrong, by mistake. That a component was loaded insecure.
This sounds to me like the kind of reasoning which resulted in the CSP
policy set stuff:
https://developer.mozilla.org/en/Security/CSP
(and, in particular, the violation reports)
More information about the whatwg
mailing list