Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid mixed-content error with JSON-LD context in HTTPS #351

Closed
1 of 5 tasks
csarven opened this issue Aug 12, 2016 · 6 comments
Closed
1 of 5 tasks

Avoid mixed-content error with JSON-LD context in HTTPS #351

csarven opened this issue Aug 12, 2016 · 6 comments
Labels
Commenter Satisfied

Comments

@csarven
Copy link
Member

csarven commented Aug 12, 2016

Please Indicate One:

  • Editorial
  • Question
  • Feedback
  • Blocking Issue
  • Non-Blocking Issue

Please Describe the Issue:

If a document is loaded over HTTPS, JSON-LD libraries are subject to getting the mixed-content error in the browser if @context uses HTTP: https://www.w3.org/ns/activitystreams

Perhaps change (especially the examples) to use https://www.w3.org/ns/activitystreams to avoid this possibility altogether.
jasnell added a commit that referenced this issue Aug 15, 2016
@jasnell
Use https ref in @context
eec430a 
Per #351
@jasnell jasnell mentioned this issue Aug 15, 2016
Closed
@csarven
Copy link
Member Author

csarven commented Aug 23, 2016

There is an equivalent issue at w3c/web-annotation#347

@csarven csarven mentioned this issue Aug 23, 2016
Closed
@evanp
Copy link
Collaborator

evanp commented Aug 23, 2016

I'm going to mark this at-risk that we may also support HTTP

@evanp
Copy link
Collaborator

evanp commented Aug 31, 2016

I've added in a note about whether we would use http-only. I'm not sure of what the use-case is. @jasnell any ideas? can we just drop http: and use https: for everything?

@jasnell
Copy link
Collaborator

jasnell commented Aug 31, 2016

https for everything is fine but... that would affect the @context URLs. It would mean that all context URLs would need to use https: or risk running into the same kind of mixed-content error.

@csarven
Copy link
Member Author

csarven commented Sep 1, 2016

See also w3c/web-annotation#347 (comment)

@evanp
Copy link
Collaborator

evanp commented Nov 8, 2016

All the examples use the HTTPS URL now; it also resolves correctly. So I think this can be safely closed.

@evanp evanp closed this as completed Nov 8, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Commenter Satisfied
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@evanp @csarven @jasnell @rhiaro