Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UPGRADE: Clarify cross-origin subresource upgrades. #301

Closed
mikewest opened this issue Apr 24, 2015 · 0 comments
Closed

UPGRADE: Clarify cross-origin subresource upgrades. #301

mikewest opened this issue Apr 24, 2015 · 0 comments

Comments

@mikewest
Copy link
Member

@diracdeltas notes in w3ctag/design-reviews#54 that:

ISSUE: Same-Origin vs Cross-Origin Behavior Unclear in Examples

Talking to other TAG members about the spec, it became apparent that some of us
thought the spec only applied upgrades to same-origin requests. I attribute
most of my confusion to the examples in Section 1.2. Example #1 uses the
example of <img src="http://example.com/image.png"> being upgraded on
https://example.com and Example #2 explicitly says that <a href="http://not-example.com/">Home</a> will not be upgraded on
https://example.com. It would be better if Example #1 explicitly said that
a third-party origin like not-example.com is upgradeable in that context, so
that readers don't generalize Example #2 to all requests.
@mikewest mikewest mentioned this issue Apr 24, 2015
Merged
mikewest pushed a commit to mikewest/webappsec that referenced this issue Jun 29, 2015
@tabatkins
Merge pull request w3c#301 from tantek/patch-7
8549dec 
use time element for the date instead of two spans
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mikewest