Re: [spec-reviews] Strawman spec review for upgrade insecure requests (#54) from Yan Zhu on 2015-04-24 (public-webapps-github@w3.org from April 2015)

From: Yan Zhu <notifications@github.com>
Date: Fri, 24 Apr 2015 12:35:29 -0700
To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Message-ID: <w3ctag/spec-reviews/pull/54/r29078793@github.com>

> +
> +### ISSUE: Upgrade All Navigations
> +
> +Is there a way to specify that all navigations should be upgraded? That seems
> +useful if a webmaster doesn't want to change their header every time they add
> +a link and are confident all their links will support HTTPS.
> +
> +### ISSUE: Inconsistent Wording in 4.1?
> +
> +Section 4.1:
> +> We will not upgrade cross-origin navigational requests, with the exception of
> +> form submissions
> +
> +I'm confused now because the document otherwise states that cross-origin
> +navigational requests will be upgraded if they are in the "upgrade insecure
> +navigations set" for a context.

Yep.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/pull/54/files#r29078793

Received on Friday, 24 April 2015 19:35:58 UTC