- From: Mike West <notifications@github.com>
- Date: Thu, 23 Apr 2015 21:20:18 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Friday, 24 April 2015 04:20:45 UTC
> + > +### COMMENT: +1 for Issue #184 > + > +https://github.com/w3c/webappsec/issues/184 seems like a good thing for > +improving the smoothness of the HTTP to HTTPS transition. > + > +### ISSUE: Need Example for Upgrade Insecure Navigations Set > + > +It would be nice to have an example of a CSP directive with an upgrade insecure > +navigations set in the draft. > + > +### ISSUE: Upgrade All Navigations > + > +Is there a way to specify that all navigations should be upgraded? That seems > +useful if a webmaster doesn't want to change their header every time they add > +a link and are confident all their links will support HTTPS. This might fall out of w3c/webappsec#184 naturally, if we split the syntax between subresource and navigational upgrades in some way. It's not clear to me how valuable this is, given the lack of control over third-party sites, but I agree that it might be worth adding to cover some use cases. --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/pull/54/files#r29022878
Received on Friday, 24 April 2015 04:20:45 UTC