...@mozilla.com
Cc: Chris Evans cev...@google.com, mozilla-dev-secur...@lists.mozilla.org
Sent: Thursday, June 16, 2011 1:42:08 PM
Subject: Re: Mixed HTTPS/non-HTTPS content in IE9 and Chrome 13 dev
On Wed, May 18, 2011 at 1:00 PM, Christopher Blizzard
blizz...@mozilla.com wrote:
On 5/18/2011
On 6/7/2011 5:52 PM, Adam Barth wrote:
On Tue, Jun 7, 2011 at 5:43 PM, Brian Smithbsm...@mozilla.com wrote:
Adam Barth wrote:
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws:// content completely in
our
WebSockets implementation, so that all WebSockets on a
On Wed, Jun 8, 2011 at 8:40 AM, Christopher Blizzard
blizz...@mozilla.com wrote:
On 6/7/2011 5:52 PM, Adam Barth wrote:
On Tue, Jun 7, 2011 at 5:43 PM, Brian Smithbsm...@mozilla.com wrote:
Adam Barth wrote:
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws://
It seems fine to me to block ws:// in https pages as long as there are
available workarounds for people who have a legitimate reason to access
ws:// from an https page. I think you can do that with an iframe to an HTTP
page, using postMessage to pass the web socket data back and forth between
the
Adam Barth wrote:
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws:// content completely in
our
WebSockets implementation, so that all WebSockets on a HTTPS page
must be
wss://. That way, we could avoid making mixed content problems any
worse.
On Tue, Jun 7, 2011 at 5:43 PM, Brian Smith bsm...@mozilla.com wrote:
Adam Barth wrote:
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws:// content completely in
our
WebSockets implementation, so that all WebSockets on a HTTPS page
must be
wss://.
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws:// content completely in our
WebSockets implementation, so that all WebSockets on a HTTPS page must be
wss://. That way, we could avoid making mixed content problems any worse.
Do you have a bug on file for
On Tue, May 31, 2011 at 10:25 AM, Christopher Blizzard
blizz...@mozilla.com wrote:
On 5/31/2011 8:24 AM, Brian Smith wrote:
We have also discussed blocking https+ws:// content completely in our
WebSockets implementation, so that all WebSockets on a HTTPS page must be
wss://. That way, we
Brian Smith wrote:
See https://twitter.com/#!/scarybeasts/status/69138114794360832:
Chrome 13 dev channel now blocks certain types of mixed content by
default (script, CSS, plug-ins). Let me know of any significant
breakages.
See
[-dev-tech-crypto]
On Wed, May 18, 2011 at 6:17 AM, Jean-Marc Desperrier jmd...@gmail.com wrote:
Brian Smith wrote:
See https://twitter.com/#!/scarybeasts/status/69138114794360832:
Chrome 13 dev channel now blocks certain types of mixed content by
default (script, CSS, plug-ins). Let me know
On 05/18/2011 09:45 PM, From Adam Barth:
We tried aggressively blocking active mixed content by default in the
Chrome Dev channel, but too much broke. We're going to unblock it
again and try to find some middle road.
That's a shame and very regrettable. Together with IE9 you could have
made
On Wed, May 18, 2011 at 12:04 PM, Eddy Nigg eddy_n...@startcom.org wrote:
On 05/18/2011 09:45 PM, From Adam Barth:
We tried aggressively blocking active mixed content by default in the
Chrome Dev channel, but too much broke. We're going to unblock it
again and try to find some middle road.
12 matches
Mail list logo