Commit
MIX: Clarify mixed content "resources" vs "requests".
Jeff Hodges noted in [1] that MIX was a bit iffy from an editorial perspective with regard to defining mixed content in terms of resources loaded into a context, while at the same time banning certain resource loads entirely.

This patch attempts to clean things up by defining "mixed content" in terms of both resources and requests, and adjusting the definitions of "optionally-blockable" and "blockable" to match. Each of these terms now covers the following:

1. A request for an insecure resource that is blocked before the resource is loaded into the requesting context.
2. A request for an insecure resource that is allowed to proceed despite its mixed nature.
3. An insecure resource that is loaded into a secure context via a request described by #2.

Thanks, @equalsJeffH!

[1]: https://lists.w3.org/Archives/Public/public-webappsec/2015Mar/0107.html
Showing 1 changed file with 25 additions and 13 deletions.