Contact emails
Spec
https://w3c.github.io/webappsec-mixed-content/#should-block-fetch
Bug against Resource Hints at https://github.com/w3c/resource-hints/issues/70.
Summary
Currently, Blink treats non-secure usage of `<link rel="prefetch">` as "optionally-blockable" content, similar to `<img>`. We'd like to align with Firefox's behavior, which blocks non-secure prefetch by default.
Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
Demo link
Debuggability
Blocked mixed content shows up as an error in the console, and in the network waterfall.
Risks
Interoperability and Compatibility
Firefox ships this behavior today. We discussed the issue at TPAC, and agreed both that the spec supports that behavior, and that vendors generally should align to it.
Edge: Public support
Firefox: Shipped
Safari: Public support
Web developers: Web developers are not generally fans of mixed content checks, but the least we can do for them is ensure consistent behavior cross-browser.
Ergonomics
No ergonomic concerns.
Activation
No activation concerns.
Is this feature fully tested by web-platform-tests? Link to test suite results from wpt.fyi.
It is! We have a robust test suite at https://wpt.fyi/mixed-content, and this is the only point on which Firefox and Chrome disagree.
Entry on the feature dashboard
Reusing https://www.chromestatus.com/feature/6263395770695680 for this minor bug fix.
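One way to audit pages ahead of this change, as an added example that is not part of the original thread or of Chromium's code: a Python scan that lists `<link rel="prefetch">` targets resolving to `http:` on an HTTPS page. The function and class names, the sample markup and the `example.test` hosts are constructed, and the scan assumes every `http:` URL counts as non-secure.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PrefetchAudit(HTMLParser):
    """Collect href values of <link> elements whose rel list contains prefetch."""

    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # replaced by the first <base href>, if any
        self.base_seen = False
        self.hints = []           # raw hrefs, resolved once parsing is done

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and not self.base_seen and a.get("href"):
            self.base = urljoin(self.base, a["href"])
            self.base_seen = True
        # rel is a space-separated, case-insensitive token list
        elif tag == "link" and "prefetch" in a.get("rel", "").lower().split():
            if a.get("href"):
                self.hints.append(a["href"])


def insecure_prefetches(page_url, html):
    """Return prefetch URLs that would be blocked as mixed content."""
    if urlsplit(page_url).scheme != "https":
        return []                 # mixed content checks apply to secure pages
    audit = PrefetchAudit(page_url)
    audit.feed(html)
    audit.close()
    # Resolve after parsing: <base> applies document-wide, even to earlier links.
    resolved = (urljoin(audit.base, h.strip()) for h in audit.hints)
    # Assumption: any http: URL is non-secure (no localhost special-casing).
    return [u for u in resolved if urlsplit(u).scheme == "http"]


# Constructed sample markup for an HTTPS page.
SAMPLE = """<!doctype html>
<head>
<link rel="prefetch" href="http://cdn.example.test/next.js">
<link rel="stylesheet prefetch" href="//static.example.test/a.css">
<link REL="Prefetch" href="/page2.html">
<link rel="preload" href="http://cdn.example.test/font.woff2">
</head>"""

if __name__ == "__main__":
    for url in insecure_prefetches("https://shop.example.test/index.html", SAMPLE):
        print("non-secure prefetch:", url)
```

Protocol-relative and path-relative hints inherit the page's scheme, so they are only flagged when a `<base href>` points at an `http:` URL.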
On Wed, Nov 15, 2017 at 8:59 AM, Mike West <mk...@chromium.org> wrote:
> Contact emails
> Spec
> https://w3c.github.io/webappsec-mixed-content/#should-block-fetch
> Bug against Resource Hints at https://github.com/w3c/resource-hints/issues/70.
> Summary
> Currently, Blink treats non-secure usage of `<link rel="prefetch">` as "optionally-blockable" content, similar to `<img>`. We'd like to align with Firefox's behavior, which blocks non-secure prefetch by default.
> Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
> Yes.
> Demo link
> Debuggability
> Blocked mixed content shows up as an error in the console, and in the network waterfall.
> Risks
> Interoperability and Compatibility
> Firefox ships this behavior today. We discussed the issue at TPAC, and agreed both that the spec supports that behavior, and that vendors generally should align to it.
> Edge: Public support
> Firefox: Shipped
> Safari: Public support
lgtm1