Re: [whatwg/fetch] HTTPS upgrades proposal (PR #1655)

@yoavweiss commented on this pull request.



> +to attempt to fetch them over <a>potentially trustworthy URL</a>s. If an upgraded request
+fails with a network error, it is retried over the original URL.
+
+<p>The HTTPS upgrading algorithm consists of Upgrade and Fallback algorithms, with the following
+steps:
+
+<h4 id=https-upgrades-upgrade>Upgrade algorithm</h4>
+
+To <dfn>upgrade an HTTP request</dfn> given a <a for=/>request</a> <var>request</var>, run these
+steps:
+
+<ol>
+  <li>
+    <p>If one or more of the following conditions are met, return without modifying request:
+    <ul>
+      <li><p><var>request</var>'s <a for="request">destination</a> is "<code>document</code>"

Don't we want to upgrade document destinations?

> +      <li><p><var>request</var>'s <a for="request">destination</a> is "<code>document</code>"
+
+      <li><p><var>request</var>'s <a for="request">method</a> is not "<code>GET</code>"
+
+      <li><p><var>request</var>'s <a for="request">URL</a>'s <a for=url>scheme</a> is not
+      "<code>http</code>"
+
+      <li><p><var>request</var>'s <a for="request">URL</a>'s <a for=url>host</a> is exempted from
+      upgrades in an <a>implementation-defined</a> way. For example, if <a for=url>host</a> is a
+      non-registrable or non-assignable domain name such as .local or an IP address that falls in a
+      range reserved for non-publicly routable networks, the implementation might return without
+      modifying <var>request</var>.
+    </ul>
+  </li>
+
+  <li><p>If <var>request</var>'s <code>https-upgrade-fallback-url</code> is non-null, this is a

"this is a fallback request that shouldn't be upgraded again" should probably be a note

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1655#pullrequestreview-1494396478
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1655/review/1494396478@github.com>