Open annevk opened 5 years ago
I agree that that sounds strange.
I think this is obsolete now since Strict Mixed Content Checking was made obsolete in the current spec, and I can't find any other specs that still refer to the flag. @annevk and @mikewest any objections to closing this?
Chrome still ships an implementation of block-all-mixed-content
, which I think relied on this concept. Do you intent to unship that? If so, removing the concept seems reasonable. If not, it seems less reasonable. :)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content does argue for a negative historical WPT test for that feature.
Sorry about the delay, it had been a busy past few weeks, but I'm now getting back to this.
annevk: I'm not sure I follow, do you mean we should have a WPT for the lack of enforcement of it?
mikewest: I've just sent an intent to remove to fully unship block-all-mixed-content in Chrome.
@carlosjoan91 yeah, for features that have been implemented at some point (and sometimes still are), but are not currently standardized. See the various historical.*
files in WPT.
Thanks for clarifying, I was not aware of those. Adding one to check for the lack of strict mixed content checking enforcement SGTM, I'll try to put one together
At least one algorithm talks about the strict mixed content checking flag of an environment settings object, but points to a flag defined only for Documents and browsing contexts (not sure the latter is correct?). This seems buggy.
Fixing this might help with https://github.com/whatwg/notifications/issues/145.