w3c / webappsec-mixed-content

WebAppSec Mixed Content
https://w3c.github.io/webappsec-mixed-content/

"strict mixed content checking flag" not defined for environment settings objects #18

Open annevk opened 5 years ago

annevk commented 5 years ago

At least one algorithm talks about the strict mixed content checking flag of an environment settings object, but points to a flag defined only for Documents and browsing contexts (not sure the latter is correct?). This seems buggy.

Fixing this might help with https://github.com/whatwg/notifications/issues/145.

mikewest commented 5 years ago

I agree that that sounds strange.

carlosjoan91 commented 1 year ago

I think this is obsolete now since Strict Mixed Content Checking was made obsolete in the current spec, and I can't find any other specs that still refer to the flag. @annevk and @mikewest any objections to closing this?

mikewest commented 1 year ago

Chrome still ships an implementation of block-all-mixed-content, which I think relied on this concept. Do you intend to unship that? If so, removing the concept seems reasonable. If not, it seems less reasonable. :)

annevk commented 1 year ago

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content does argue for a negative historical WPT test for that feature.

carlosjoan91 commented 1 year ago

Sorry about the delay, it had been a busy past few weeks, but I'm now getting back to this.

annevk: I'm not sure I follow, do you mean we should have a WPT for the lack of enforcement of it?

mikewest: I've just sent an intent to remove to fully unship block-all-mixed-content in Chrome.

annevk commented 1 year ago

@carlosjoan91 yeah, for features that have been implemented at some point (and sometimes still are), but are not currently standardized. See the various historical.* files in WPT.

carlosjoan91 commented 1 year ago

Thanks for clarifying, I was not aware of those. Adding one to check for the lack of strict mixed content checking enforcement SGTM, I'll try to put one together.