W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: [blink-dev] Re: Proposal: Marking HTTP As Non-Secure

From: Matthew Dempsky <mdempsky@chromium.org>
Date: Wed, 17 Dec 2014 15:21:46 -0800
Message-ID: <CAF52+S6wY25Cd+j6CWvBoVrocRz7S3nXAKuh-xjHpx2WnaZLTw@mail.gmail.com>
To: softwaredevjirka@gmail.com
Cc: blink-dev <blink-dev@chromium.org>, annevk@annevk.nl, sigbjorn@opera.com, tylerl@google.com, Chris Palmer <palmer@google.com>, public-webappsec@w3.org, security-dev@chromium.org, dev-security@lists.mozilla.org, chaals@yandex-team.ru
On Wed, Dec 17, 2014 at 2:27 PM, <softwaredevjirka@gmail.com> wrote:
>
> Am I missing something?
>

The way Android and Chrome OS detect captive portals is to issue requests
to a known HTTP URL that should only send 204 responses, and anything else
indicates some action is required on behalf of the user.  See:
http://www.chromium.org/chromium-os/chromiumos-design-docs/network-portal-detection

As a longer term solution, I like the idea of announcing captive portal
logins via DHCP (e.g., draft-wkumari-dhc-capport).
Received on Thursday, 18 December 2014 14:20:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC