Re: Mixed HTTPS/non-HTTPS content in IE9 and Chrome 13 dev [and WebSockets in FF6]

2011-05-31 Thread Adam Barth
On Tue, May 31, 2011 at 10:25 AM, Christopher Blizzard wrote:
> On 5/31/2011 8:24 AM, Brian Smith wrote:
>>
>> We have also discussed blocking https+ws:// content completely in our
>> WebSockets implementation, so that all WebSockets on a HTTPS page must be
>> wss://. That way, we could avoid maki

Re: Mixed HTTPS/non-HTTPS content in IE9 and Chrome 13 dev [and WebSockets in FF6]

2011-05-31 Thread Christopher Blizzard
On 5/31/2011 8:24 AM, Brian Smith wrote:
> We have also discussed blocking https+ws:// content completely in our
> WebSockets implementation, so that all WebSockets on a HTTPS page must be
> wss://. That way, we could avoid making mixed content problems any worse.

Do you have a bug on file for that

Re: Mixed HTTPS/non-HTTPS content in IE9 and Chrome 13 dev [and WebSockets in FF6]

2011-05-31 Thread Brian Smith
[ => dev.security ]

Honza Bambas wrote:
> This seems to be something we are trying to solve with an opt-in
> feature Http-Strict-Transport-Security (HSTS). What Chrome and
> IE are trying to do is to block insecure content on the client
> side unconditionally. Not sure how many sites this gonna br