Re: [whatwg/fetch] HTTPS upgrades proposal (PR #1655) from Yoav Weiss on 2023-06-08 (public-webapps-github@w3.org from June 2023)

From: Yoav Weiss <notifications@github.com>
Date: Wed, 07 Jun 2023 21:37:48 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1655/review/1468979516@github.com>

@yoavweiss commented on this pull request.



> +
+<ol>
+  <li>
+    <p>If one or more of the following conditions are met, return without modifying request:
+    <ul>
+      <li><p><var>request</var> is not a navigation request whose destination is document</li>
+
+      <li><p><var>request</var>'s method is not `<code>GET</code>`</li>
+
+      <li><p><var>request</var>'s URL's scheme is not <code>"http"</code></li>
+
+      <li><p><var>request</var>'s URL's host is non-unique (i.e., contains a non-registrable or
+      non-assignable domain name such as .local or an IP address that falls in a range reserved for
+      non-publicly routable networks)</li>
+
+      <li><p>Optionally, <var>request</var>'s URL's host is exempted from upgrades by the user agent

s/by the user agent/in an implementation-defined way/? (linking to https://infra.spec.whatwg.org/#implementation-defined)

> +    following:
+
+    <ul>
+      <li><p>Set <var>request</var>'s URL to the value of <var>request</var>'s
+        <code>https-upgrade-fallback-url</code> flag</li>
+
+      <li><p>Set response to the result of running <a>HTTP-redirect fetch</a> given fetchParams and
+        <var>upgradedResponse</var>.</li>
+    </ul>
+  </li>
+
+  <li><p>Otherwise, the upgrade was successful. Return <var>upgradedResponse</var>.</li>
+</ol>
+
+<p>
+Optionally, user agents may implement a fast-fallback option by canceling slow fetches on upgraded

This needs to be better defined..

> @@ -4405,6 +4523,8 @@ steps:
 
  <li><p><a>Upgrade <var>request</var> to a potentially trustworthy URL, if appropriate</a>.
 
+ <li><p><a href="#https-upgrades-upgrade">Optionally, run HTTPS upgrading algorithm on <var>request</var>, if appropriate</a>.

Why "optionally" here and below? Also, why do we need to run this algorithm both as part of "main fetch" and "http fetch"?

> +  fallback request that shouldn't be upgraded again. Clear the <code>https-upgrade</code> and
+  <code>https-upgrade-fallback-url</code> flags and return <var>request</var>.</li>
+
+  <li><p>Otherwise, upgrade the request by setting the following fields:
+    <ul>
+      <li>Set <code>https-upgrade-fallback-url</code> to request's URL</li>
+      <li>Set <var>request</var>'s URL's scheme to <code>"https"</code></li>
+      <li>Set <code>https-upgrade</code> flag to true</li>
+    </ul>
+  </li>
+</ol>
+
+<h4 id=https-upgrades-fallback>Fallback algorithm</h4>
+
+<p>Runs after the Upgrade algorithm. This algorithm determines whether the upgraded
+request completed without a network error. If not, it retries the request over <code>"http"</code>.

On top of that, you want to explicitly run this algorithm, rather than saying when it should be run.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1655#pullrequestreview-1468979516
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1655/review/1468979516@github.com>

Received on Thursday, 8 June 2023 04:37:53 UTC