Re: [spec-reviews] Strawman spec review for upgrade insecure requests (#54)

> +`https://example.com` and Example #2 explicitly says that `<a
> +href="http://not-example.com/">Home</a>` will *not* be upgraded on
> +`https://example.com`. It would be better if Example #1 explicitly said that
> +a third-party origin like `not-example.com` is upgradeable in that context, so
> +that readers don't generalize Example #2 to all requests.
> +
> +### CLARIFICATION: Wording in Terminology
> +
> +The wording "depend on the upgrade-insecure-requests mechanism" in Section 2 is
> +unclear. It seems to mean something like, "the same with and without
> +upgrade-insecure-requests" from context, but I'm not sure.
> +
> +### COMMENT: +1 for Issue #184
> +
> +https://github.com/w3c/webappsec/issues/184 seems like a good thing for
> +improving the smoothness of the HTTP to HTTPS transition.
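
Review bot: the "+1 for Issue #184" section endorses the issue by URL alone and never states what it proposes, so this part of the review cannot be evaluated without following the link; add one sentence summarising the proposal being supported. In the Terminology clarification above it, only the fragment "depend on the upgrade-insecure-requests mechanism" is quoted and the paragraph ends with "but I'm not sure"; quoting the full Section 2 sentence and offering replacement wording would give the spec editors something concrete to act on.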

Do you think we need to distinguish between subresource and navigational upgrades here? It's not clear that a flat list would be enough.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/pull/54/files#r29022858

Received on Friday, 24 April 2015 04:19:47 UTC