Use 'Is URL trustworthy?' rather than whitelisting 'https' and 'wss'.
Based on the discussion in the public-webappsec thread starting at [1], our face-to-face at [2], and our recent call at [3], this patch aligns mixed content's checks with Secure Context's definition of potentially trustworthy URLs. Among other things, this means that `http://127.0.0.1/` will not be considered mixed content when loaded in an otherwise secure page.

[1]: https://lists.w3.org/Archives/Public/public-webappsec/2016Apr/0044.html
[2]: https://www.w3.org/2016/05/16-webappsec-minutes.html#item05
[3]: https://www.w3.org/2016/07/13-webappsec-minutes.html#item05

Closes #4. Obviates #5.
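The difference between the two checks named in the commit title, as an added example that is not part of the commit or the specification text. The function names are hypothetical, the sample URLs are constructed, and `isPotentiallyTrustworthy` is a simplified subset of the Secure Contexts check covering only secure schemes and loopback IP literals.

```javascript
// Added illustration only; not the specification's algorithm text.

// "Before": a resource passes only if its scheme is on a fixed list.
function isAllowedBySchemeList(url) {
  const scheme = new URL(url).protocol;
  return scheme === 'https:' || scheme === 'wss:';
}

// "After" (simplified assumption): secure schemes plus loopback addresses.
// The decision is made on the parsed host, never on a string prefix, so a
// name such as 127.0.0.1.evil.test is not mistaken for loopback.
function isPotentiallyTrustworthy(url) {
  const u = new URL(url);
  if (u.protocol === 'https:' || u.protocol === 'wss:') return true;
  const host = u.hostname; // IPv4 literals are normalized to dotted-quad
  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host)) return true; // 127.0.0.0/8
  if (host === '[::1]') return true; // ::1/128
  return false;
}

// Classify subresource URLs requested from an otherwise secure page
// under both checks, so the behaviour change is visible side by side.
function compareChecks(urls) {
  return urls.map((url) => ({
    url,
    before: isAllowedBySchemeList(url) ? 'ok' : 'mixed',
    after: isPotentiallyTrustworthy(url) ? 'ok' : 'mixed',
  }));
}

// Constructed sample input.
const SAMPLE_URLS = [
  'https://cdn.example.com/app.js',
  'http://127.0.0.1/',
  'http://[::1]:8080/status',
  'http://127.0.0.1.evil.test/',
  'http://example.com/image.png',
];

for (const row of compareChecks(SAMPLE_URLS)) {
  console.log(`${row.url}  before=${row.before}  after=${row.after}`);
}
```

Only the two loopback literals change classification; the look-alike hostname and the plain `http` host stay mixed content under both checks.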