Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider "potentially trustworthy" for responses #63

Closed
jyasskin opened this issue Dec 17, 2018 · 2 comments
Closed

Consider "potentially trustworthy" for responses #63

jyasskin opened this issue Dec 17, 2018 · 2 comments

Comments

@jyasskin
Copy link
Member

jyasskin commented Dec 17, 2018
edited
Loading

WICG/webpackage#352 would like to figure out if a response is potentially trustworthy. It's straightforward to check if the response's URL or origin is potentially trustworthy, but this differs from the calculation for environment settings objects in that it allows responses with an HTTPS state of "deprecated" and doesn't pay any attention to the sandbox CSP directive.

This spec is a more reliable place to define this than the web packaging spec, since security folks won't think to update that if new information gets added to responses.
@annevk
Copy link
Member

annevk commented Sep 23, 2019

whatwg/html#4930 needs something similar I think. In particular determining the secure context state of a response that is being navigated to combined with its future parent document (or null) or some such.

@annevk
Copy link
Member

annevk commented Jan 12, 2021

Now that HTTPS state is gone I don't think this is a problem anymore. Let me know if I missed anything.

@annevk annevk closed this as completed Jan 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jyasskin @annevk