13526 – "One distinction we have decided to draw is to prevent downgrading mixed content with websockets (i.e. you cannot connect to a ws:// url from a https:// based context)." -- http://www.ietf.org/mail-archive/web/hybi/current/msg08017.html - specify this if

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 13526 - "One distinction we have decided to draw is to prevent downgrading mixed content with websockets (i.e. you cannot connect to a ws:// url from a https:// based context)." -- http://www.ietf.org/mail-archive/web/hybi/current/msg08017.html - specify this if

Summary: "One distinction we have decided to draw is to prevent downgrading mixed cont...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebAppsWG
Classification:	Unclassified
Component:	WebSocket API (editor: Ian Hickson) (show other bugs)
Version:	unspecified
Hardware:	Other other

Importance:	P3 normal
Target Milestone:	---
Assignee:	Ian 'Hixie' Hickson
QA Contact:	public-webapps-bugzilla

URL:	http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-08-02 18:52 UTC by contributor
Modified:	2011-08-08 21:02 UTC (History)
CC List:	4 users (show)

See Also:

Attachments

Description contributor 2011-08-02 18:52:18 UTC

Specification: http://www.whatwg.org/specs/web-apps/current-work/complete/network.html
Multipage: http://www.whatwg.org/C#dom-websocket
Complete: http://www.whatwg.org/c#dom-websocket

Comment:
"One distinction we have decided to draw is to prevent downgrading mixed
content with websockets (i.e. you cannot connect to a ws:// url from a
https:// based context)." --
http://www.ietf.org/mail-archive/web/hybi/current/msg08017.html - specify this
if everyone agree to do this

Posted from: 85.227.153.57 by simonp@opera.com
User agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.5.8; U; en) Presto/2.9.168 Version/11.50

Comment 1 Ian 'Hixie' Hickson 2011-08-08 21:02:22 UTC

I guess we can try this.

Comment 2 contributor 2011-08-08 21:02:37 UTC

Checked in as WHATWG revision r6385.
Check-in comment: Prevent authors from shooting themselves in the foot here. Note that this blocks some legitimate use cases -- let me know if you think we should remove this restriction. It's easy to work around -- provide services over wss:// -- but some service providers might not bother.
http://html5.org/tools/web-apps-tracker?from=6384&to=6385