Open tavvy opened 7 years ago
A fetch request (via sw) will reject mixed content where as the default browser behaviour will accept it*.
This is most obvious when trying to play a video on ft.com with serviceWorker on.
serviceWorker
Should be solved with CSP https://developers.google.com/web/fundamentals/security/csp/
https://www.w3.org/TR/CSP3/#initialize-global-object-csp https://w3c.github.io/webappsec-mixed-content/#should-block-fetch https://w3c.github.io/webappsec-mixed-content/#service-workers https://github.com/w3c/ServiceWorker/issues/493 https://scotthelme.co.uk/fixing-mixed-content-with-csp/
*not all
While this will still affect any mixed content. The issue with videos should now be sorted out as we are starting to request the https version instead.
https
A fetch request (via sw) will reject mixed content where as the default browser behaviour will accept it*.
This is most obvious when trying to play a video on ft.com with
serviceWorker
on.Should be solved with CSP https://developers.google.com/web/fundamentals/security/csp/
https://www.w3.org/TR/CSP3/#initialize-global-object-csp https://w3c.github.io/webappsec-mixed-content/#should-block-fetch https://w3c.github.io/webappsec-mixed-content/#service-workers https://github.com/w3c/ServiceWorker/issues/493 https://scotthelme.co.uk/fixing-mixed-content-with-csp/
*not all