How can I allow Mixed contents (http with https) using content-security-policy meta tag?

Question

I\'m forcing https to access my website, but some of the contents must be loaded over http (for example video contents can not be over https), but

Answer 1

You shouldn't... but you CAN, the feature is demonstrated here an HTTP PNG image converted on-the-fly to HTTPS.

There's also a new permissions API, described here, that allows a Web server to check the user's permissions for features like geolocation, push, notification and Web MIDI.