Comment by eridius
8 years ago
Beyond Secure cookies, what mitigations are you thinking of? Secure cookies don't count because serving Secure cookies over Flexible SSL is no less secure than serving regular cookies over http://.
In addition to limiting certain browser features to HTTPS sites, browsers now also warn about submitting passwords over HTTP and mark pages that do so as insecure.
Browsers also prevent HTTPS sites from embedding active content from HTTP sites.
Many browser features (like the location API) are gradually being deprecated from plaintext HTTP.
Interesting. I hadn't heard of that before. Looks like it's just Chrome doing this?
And Firefox