22262 2013-06-04 15:51:48 +0000 Mixed content / CSP 2015-08-11 06:49:01 +0000 1 1 1 Unclassified WHATWG Fetch unspecified PC All RESOLVED MOVED P2 normal Unsorted 1 annevk annevk bruant.d mike mkwst sideshowbarker+fetchspec oldest_to_newest 88624 0 annevk 2013-06-04 15:51:48 +0000 At some point we should require disallowing http from https for certain types of requests (or maybe all at some point). This would also require knowing what type of resource was requested, which ties into CSP content categories (or some such). 106332 1 annevk 2014-05-19 10:48:44 +0000 It seems Mike is going to do this. 106333 2 mkwst 2014-05-19 10:52:21 +0000 Yes. Mike is putting a spec together. Should have something for review next weekish. 107095 3 mkwst 2014-06-01 09:53:30 +0000 I've put up a draft mixed content spec for review. On the assumption that it's not completely insane, I'd appreciate it if you could take a close look at the proposed modifications to Fetch: https://w3c.github.io/webappsec/specs/mixedcontent/#fetch-integration Anne, does that look like the right division of labor between the documents? 107120 4 annevk 2014-06-02 10:40:15 +0000 Yeah, I guess I'll take this bug back to implement the requested hooks once we agree on the details per list discussion: http://lists.w3.org/Archives/Public/public-webappsec/2014Jun/0004.html 107125 5 annevk 2014-06-02 11:56:56 +0000 Placeholder hooks added: https://github.com/whatwg/fetch/commit/f04393aa9815dd6dce350d5d058f2bac9c4d606c 107777 6 annevk 2014-06-13 09:47:42 +0000 Assigning to Mike as I still need a hook for CSP. Hooks were improved as part of these commits yesterday: https://github.com/whatwg/fetch/commit/682f68d5f0cce7f9637a8f6d9450b514ed276f9b https://github.com/whatwg/fetch/commit/567fe8ad5f1804efdefa7aa273f2a366b223c70e 120903 7 annevk 2015-06-11 09:59:29 +0000 What's the ETA on CSP getting fixed? 122553 8 annevk 2015-08-11 06:49:01 +0000 https://github.com/w3c/webappsec/issues/227