Closed aliams closed 6 years ago
mikewest
commented
6 years ago It looks like we've already removed this from the editor's draft (https://w3c.github.io/webappsec-mixed-content/).
@dveditz, @wseltzer: Since the spec is in CR, I can't publish an update. Could y'all push a new CR without the passthrough request concept? We marked it as at risk, and it looks like that was a reasonable thing to do...
aliams
commented
6 years ago Thanks @mikewest. I see that there is a reference to service worker behavior in a note in Section 5.2 and 5.3.
mikewest
commented
6 years ago Ah! The note in 5.2 was indeed outdated. I believe the note in 5.3 is still valid, referring to the behavior in general, rather than the passthrough bits. Cleaned up in https://github.com/w3c/webappsec-mixed-content/commit/025b6c392fdf2bb367526cd8e6130a424b4c67de. Thanks for pointing it out!
As per Anne's comment, service worker mixed content exceptions have not been implemented and that feature has since been dropped.
Can the spec be updated to reflect this?