18085 2012-07-18 17:13:33 +0000 "all content using the http+aes scheme on the same host (and same port) shares the same origin and can therefore leak the keys" - unless there's a use case for supporting this, it seems more robust to make http(s)+aes never be same-origin 2012-10-22 07:32:45 +0000 1 1 1 Unclassified HTML WG HTML5 spec unspecified Other other RESOLVED WORKSFORME http://www.whatwg.org/specs/web-apps/current-work/#http+aes-scheme P3 normal --- 1 contributor dave.null erika.doyle mike public-html-admin public-html-wg-issue-tracking zcorpan public-html-bugzilla oldest_to_newest 70638 0 contributor 2012-07-18 17:13:33 +0000 This was was cloned from bug 16248 as part of operation convergence. Originally filed: 2012-03-07 08:49:00 +0000 ================================================================================ #0 contributor@whatwg.org 2012-03-07 08:49:00 +0000 -------------------------------------------------------------------------------- Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/iana.html Multipage: http://www.whatwg.org/C#http+aes-scheme Complete: http://www.whatwg.org/c#http+aes-scheme Comment: "all content using the http+aes scheme on the same host (and same port) shares the same origin and can therefore leak the keys" - unless there's a use case for supporting this, it seems more robust to make http(s)+aes never be same-origin Posted from: 88.131.66.80 by simonp@opera.com User agent: Opera/9.80 (Macintosh; Intel Mac OS X 10.7.2; U; en) Presto/2.10.229 Version/11.61 ================================================================================ 76891 1 mike 2012-10-22 07:32:45 +0000 The http+aes scheme/feature is not part of the W3C HTML5 spec and has also been dropped from the upstream WHATWG HTML spec.