On Tue, May 31, 2011 at 10:25 AM, Christopher Blizzard <blizz...@mozilla.com> wrote: > On 5/31/2011 8:24 AM, Brian Smith wrote: >> >> We have also discussed blocking https+ws:// content completely in our >> WebSockets implementation, so that all WebSockets on a HTTPS page must be >> wss://. That way, we could avoid making mixed content problems any worse. > > Do you have a bug on file for that yet?
If you'd be willing to file a bug at bugs.webkit.org too (and CC me), I can help make sure WebKit and Firefox end up with the same behavior here. Thanks, Adam _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security