upgrade insecure requests (was Re: Compliance CR pre-publication test)

Thanks for pointing that out, Mike. That pre-publication draft (and indeed our editor's drafts) are loading a ReSpec script with an explicit HTTP scheme, and browsers that don't support upgrade-insecure-requests but do block active mixed content (Safari, Edge, IE) are having trouble with that. I'm updating those drafts to access ReSpec over HTTPS. For published versions like the Candidate Recommendation, we use a static file without ReSpec, so that shouldn't typically be a problem.

Let me know if others are still seeing this issue or other issues with HTTPS.
Cheers,
Nick

> On Mar 7, 2016, at 5:12 AM, Mike O'Neill <michael.oneill@baycloud.com> wrote:
> 
> Hi Nick,
> 
> The doc shows fine on Chrome but not in MS Edge, which objects to the script
> being loaded via http, while the doc uses (redirects to) https. Maybe Edge
> does not recognise the upgrade-insecure-requests CSP policy.
> 
> Mike
> 
> -----Original Message-----
> From: Nick Doty [mailto:npdoty@ischool.berkeley.edu]
> Sent: 06 March 2016 21:48
> To: public-tracking@w3.org
> Cc: Wendy Seltzer <wseltzer@w3.org>
> Subject: Compliance CR pre-publication test
> 
> Hi TPWG,
> 
> In prepping the Compliance document for a transition call with the Director
> and publication as a Candidate Recommendation, I've prepared a
> pre-publication test of the CR format to see what it would look like.
> 
> https://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-cr-pr
> ep.html
> 
> To repeat, this is not an official CR, this is a test. You might notice
> first of all that the formatting is different from other documents we've
> published; that's because there is a new stylesheet being used for all
> Recommendation-track documents that this automatically uses. I think it
> looks cleaner, and even has a nice Table of Contents sidebar when the window
> is wide enough for it.
> 
> You can check the status of the document section; although I think the
> paragraphs would be in a slightly different order to satisfy pubrules; that
> should be an accurate explanation of the status of the work. I've created a
> wiki page which we could use as the implementation report, as we've been
> doing with the TPE.
> 
> https://www.w3.org/wiki/Privacy/TPWG/TCS_Implementation_Report
> 
> Following the model of the TPE, I expect that the CR would end no earlier
> than 3 months away, and that we wouldn't anticipate having sufficient
> implementation experience until 3 months after that. The actual length of
> the Candidate Recommendation phase will of course depend on the actual work
> of adopting and implementing Compliance and documentation in an
> implementation report.
> 
> Implementers of the Compliance specification (as opposed to the companion
> TPE specification) are servers only, not user agents. Implementation will
> consist in adopting and claiming adherence to the Compliance specification.
> Testing and documentation will require verification of compliance
> requirements via, for example, published statements, rather than executed
> software test cases. As a similar example, see the Website Tests in the
> Geolocation Implementation Report:
> https://www.w3.org/TR/2011/WD-orientation-event-20110628/Implementation-Repo
> rt.html
> 
> We didn't specify any features as at risk, so I expect the typical exit
> criteria would apply:
> * Multiple (at least two), interoperable implementations of each feature
> 
> Some of the implementation data on the TPE wiki page that describes
> server-side implementations might be a start already, although I'm not sure
> if any/many of those server-side implementations are claiming adherence to
> any particular version of Tracking Compliance and Scope.
> 
> Wendy, as Team Contact, will be handling the CR transition scheduling and
> meeting with the Director.
> 
> Hope this helps,
> Nick
> 

Received on Monday, 7 March 2016 22:47:27 UTC