New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid mixed-content error with JSON-LD context in HTTPS #351

Closed
csarven opened this Issue Aug 12, 2016 · 6 comments

Comments

Projects
None yet
4 participants
@csarven
Member

csarven commented Aug 12, 2016

Please Indicate One:

  • Editorial
  • Question
  • Feedback
  • Blocking Issue
  • Non-Blocking Issue

Please Describe the Issue:

If a document is loaded over HTTPS, JSON-LD libraries are subject to getting the mixed-content error in the browser if @context uses HTTP: https://www.w3.org/ns/activitystreams

Perhaps change (especially the examples) to use https://www.w3.org/ns/activitystreams to avoid this possibility altogether.

jasnell added a commit that referenced this issue Aug 15, 2016

@csarven

This comment has been minimized.

Show comment
Hide comment
@csarven

csarven Aug 23, 2016

Member

There is an equivalent issue at w3c/web-annotation#347

Member

csarven commented Aug 23, 2016

There is an equivalent issue at w3c/web-annotation#347

@evanp

This comment has been minimized.

Show comment
Hide comment
@evanp

evanp Aug 23, 2016

Collaborator

I'm going to mark this at-risk that we may also support HTTP

Collaborator

evanp commented Aug 23, 2016

I'm going to mark this at-risk that we may also support HTTP

@evanp

This comment has been minimized.

Show comment
Hide comment
@evanp

evanp Aug 31, 2016

Collaborator

I've added in a note about whether we would use http-only. I'm not sure of what the use-case is. @jasnell any ideas? can we just drop http: and use https: for everything?

Collaborator

evanp commented Aug 31, 2016

I've added in a note about whether we would use http-only. I'm not sure of what the use-case is. @jasnell any ideas? can we just drop http: and use https: for everything?

@jasnell

This comment has been minimized.

Show comment
Hide comment
@jasnell

jasnell Aug 31, 2016

Collaborator

https for everything is fine but... that would affect the @context URLs. It would mean that all context URLs would need to use https: or risk running into the same kind of mixed-content error.

Collaborator

jasnell commented Aug 31, 2016

https for everything is fine but... that would affect the @context URLs. It would mean that all context URLs would need to use https: or risk running into the same kind of mixed-content error.

@csarven

This comment has been minimized.

Show comment
Hide comment
Member

csarven commented Sep 1, 2016

@evanp

This comment has been minimized.

Show comment
Hide comment
@evanp

evanp Nov 8, 2016

Collaborator

All the examples use the HTTPS URL now; it also resolves correctly. So I think this can be safely closed.

Collaborator

evanp commented Nov 8, 2016

All the examples use the HTTPS URL now; it also resolves correctly. So I think this can be safely closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment