w3c / webappsec-mixed-content

WebAppSec Mixed Content
https://w3c.github.io/webappsec-mixed-content/
Other
12 stars 22 forks source link

Definition of "unauthenticated response" actually defining "authenticated response"? #19

Closed jdeblasio closed 5 years ago

jdeblasio commented 5 years ago

It looks like the unauthenticated response definition may be actually defining the inverse?

For easy reference, see https://w3c.github.io/webappsec-mixed-content/#unauthenticated-response

mikewest commented 5 years ago

I think you're right. That definition should probably read "if either of the following two statements are false"... Would you be interested in sending a PR?