Closed jdeblasio closed 5 years ago
It looks like the unauthenticated response definition may be actually defining the inverse?
For easy reference, see https://w3c.github.io/webappsec-mixed-content/#unauthenticated-response
I think you're right. That definition should probably read "if either of the following two statements are false"... Would you be interested in sending a PR?
It looks like the unauthenticated response definition may be actually defining the inverse?
For easy reference, see https://w3c.github.io/webappsec-mixed-content/#unauthenticated-response