Financial-Times / n-service-worker

❌ DECOMMISSIONED Global service worker component for next.ft.com

mixed content via fetch #82

Open tavvy opened 7 years ago

tavvy commented 7 years ago

A fetch request (via sw) will reject mixed content whereas the default browser behaviour will accept it*.

This is most obvious when trying to play a video on ft.com with serviceWorker on.

Should be solved with CSP https://developers.google.com/web/fundamentals/security/csp/

https://www.w3.org/TR/CSP3/#initialize-global-object-csp
https://w3c.github.io/webappsec-mixed-content/#should-block-fetch
https://w3c.github.io/webappsec-mixed-content/#service-workers
https://github.com/w3c/ServiceWorker/issues/493
https://scotthelme.co.uk/fixing-mixed-content-with-csp/

*not all

leggsimon commented 7 years ago

While this will still affect any mixed content, the issue with videos should now be sorted out as we are starting to request the https version instead.
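
An added example, not part of this thread or of the n-service-worker code: a fetch handler that avoids turning an insecure media request into a worker-initiated `fetch()`, either by requesting the https version (as the last comment describes) or by not intercepting it at all. The function name, the host list and `video.example.com` are assumptions made for illustration.

```javascript
// Added example; names below are hypothetical, not from n-service-worker.
// Hosts known to serve the same resource over HTTPS (constructed sample value).
const UPGRADABLE_HOSTS = new Set(['video.example.com']);
// Destinations the linked Mixed Content spec classes as optionally-blockable.
const OPTIONALLY_BLOCKABLE = new Set(['image', 'audio', 'video']);

// Decide what a worker controlling an HTTPS page does with one request.
//   handle  - already secure: the worker may fetch/cache it as usual
//   upgrade - insecure GET to a host known to support HTTPS: refetch over https
//   bypass  - insecure and not upgradable: do not call respondWith()
function planRequest({ url, destination, mode, method = 'GET' }, hosts = UPGRADABLE_HOSTS) {
  const parsed = new URL(url);
  if (parsed.protocol !== 'http:') return { action: 'handle', url: parsed.href };
  if (method === 'GET' && mode !== 'navigate' && hosts.has(parsed.hostname)) {
    parsed.protocol = 'https:';
    return { action: 'upgrade', url: parsed.href };
  }
  return {
    action: 'bypass',
    url: parsed.href,
    // Only this category is a candidate for the browser's lenient default.
    optionallyBlockable: OPTIONALLY_BLOCKABLE.has(destination),
  };
}

// Register only inside a service worker; elsewhere (e.g. Node) this is skipped.
if (typeof ServiceWorkerGlobalScope !== 'undefined' && self instanceof ServiceWorkerGlobalScope) {
  self.addEventListener('fetch', (event) => {
    const req = event.request;
    const plan = planRequest(req);
    // No respondWith(): the browser loads the resource under its own
    // mixed-content policy instead of the stricter fetch() path.
    if (plan.action === 'bypass') return;
    const outgoing = plan.action === 'upgrade'
      ? new Request(plan.url, { headers: req.headers, mode: req.mode, credentials: req.credentials })
      : req;
    event.respondWith(fetch(outgoing));
  });
}
```

Sending the `upgrade-insecure-requests` CSP directive, the approach the linked CSP articles describe, makes the browser perform the same rewrite before the request reaches the worker.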