Re: [whatwg/fetch] HTTPS upgrades proposal (PR #1655)

@annevk commented on this pull request.



> + <li>
+  <p>Optionally, run <a>upgrade an HTTP request</a> algorithm on <var>request</var>.
+
+  <p class=note>HTTPS upgrading only applies to requests with <a>HTTP(S) scheme</a>s, but it's done
+  in <a>main fetch</a> instead of <a>HTTP fetch</a> to ensure that
+  <a>upgrade a mixed content <var>request</var> to a potentially trustworthy URL, if appropriate</a>
+  step runs next and applies to the upgraded request.
+
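Review bot: The step opens with "Optionally", but nothing in the hunk says who makes that choice or on what basis the upgrade may be skipped; if this is meant to be at the user agent's discretion, say so in the step itself, since every later step sees either the original or the upgraded URL depending on it. The note's rationale relies on the mixed content upgrade being the step that "runs next", which goes stale if a step is later inserted between the two, so phrase it as an ordering requirement (the upgrade happens before the mixed content step) rather than adjacency. Wording nits: "run <a>upgrade an HTTP request</a> algorithm" and "step runs next" each lack an article ("run the ... algorithm", "the ... step runs next").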

1. I tend to agree that it would make sense to determine the referrer based on the updated URL. I think that will also do the correct thing with regards to an upgrade followed by a downgrade.
   1. We should make sure this is tested.
1. There should be a follow-up issue to determine the interaction of referrer and HSTS. We should probably change it, but it would be clearest if done in a separate PR. Ideally with its own tests.
1. I think we should remove the note, but indeed leave the upgrade happening right where it is now. The rationale is that you want to make policy decisions early as everything else is impacted by them, but I'm not sure that stating that for each policy decision is worthwhile. Just something to keep in mind.
1. I will be taking an end-of-the-year break pretty soon so it's likely this won't be able to land until mid-January. Hopefully the above is enough to make meaningful forward progress until then.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1655#discussion_r1426784339

Message ID: <whatwg/fetch/pull/1655/review/1781923838@github.com>

Received on Thursday, 14 December 2023 14:22:29 UTC