it looks like providing some UI to relax
the mixed-content restriction is much smaller than providing a UI for
ordinary webapps to elevate themselves to full local network access.
-
Nicholas Wilson: nicho...@nicholaswilson.me.uk
Cambridge, CB4 2TU
. The only piece we're struggling with is making an outgoing
WebSocket connection (in Firefox/IE). We'd rather not be forced down
the TLS route and have to delegate our UX to the very varied
certificate management across browsers.
Thanks for your time.
Nick
-
Nicholas Wilson: nicho
On 29 July 2013 17:47, Stefan Arentz sare...@mozilla.com wrote:
Can CSP play a role here?
What if my site is on https://foo.com and I set connect-src to http://foo.com
? Would that override the mixed content blocking? If not, is that something
we should implement?
Interesting idea. I'm
-Security:
externally-verifiable (or anything similar).
That's worth considering.
I can clean up my patch and post it in a bugzilla as
X-Access-Control-Security, but perhaps more people need to buy-in
before it's worth doing that.
Best,
Nicholas
-
Nicholas Wilson: nicho
to review this
proposal? Pragmatically, I think it's acceptably small and opens up
some cool new webapps that aren't currently possible in Fx.
Best,
Nicholas
-
Nicholas Wilson: nicho...@nicholaswilson.me.uk
Site and blog: www.nicholaswilson.me.uk
28 St Stephens Place, CB3 0JE
07845 182898
On 23
application to Firefox as
webapps and running into this problem.
Best,
Nicholas
-
Nicholas Wilson: nicho...@nicholaswilson.me.uk
On 14 August 2013 00:04, Tanvi Vyas ta...@mozilla.com wrote:
Just want to add a few notes here.
Firefox has blocked Mixed Content websockets for a long time