- From: Anne van Kesteren <notifications@github.com>
- Date: Wed, 15 Nov 2023 07:41:35 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/1655/review/1732310982@github.com>
@annevk commented on this pull request. @mozfreddyb you mentioned redirects a few times. Could you stipulate the concern more clearly? Mostly that if you have HTTPS A redirecting to HTTP B we'd attempt an upgrade of B? > @@ -6011,7 +6132,8 @@ optional boolean <var>forceNewConnection</var> (default false), run these steps: <li><p>If <var>connection</var> is an HTTP/1.x connection, <var>request</var>'s <a for=request>body</a> is non-null, and <var>request</var>'s <a for=request>body</a>'s - <a for=body>source</a> is null, then return a <a>network error</a>. + <a for=body>source</a> is null, then return the result of running <a>HTTPS upgrade fallback</a> + given <var>request</var> and <var>network error</var>. This is a streaming case. I don't think we should touch this. This also won't be true for the scenario we care about: navigation. > @@ -6030,7 +6152,8 @@ optional boolean <var>forceNewConnection</var> (default false), run these steps: buffer of up to 64 kibibytes and store a part of <var>request</var>'s <a for=request>body</a> in that buffer. If the user agent reads from <var>request</var>'s <a for=request>body</a> beyond that buffer's size and the user agent needs to resend <var>request</var>, then instead - return a <a>network error</a>. + return the result of running <a>HTTPS upgrade fallback</a> given <var>request</var> and + <var>network error</var>. This again is a streaming case. It won't be true for navigation. > +<div algorithm> +<p>To <dfn>upgrade an HTTP request</dfn> given a <a for=/>request</a> <var>request</var>: + +<ol> + <li> + <p>If one or more of the following conditions are met, return: + <ul> + <li><p><var>request</var>'s <a for="request">destination</a> is not "<code>document</code>" + + <li><p><var>request</var>'s <a for="request">method</a> is not "<code>GET</code>" + + <li><p><var>request</var>'s <a for="request">URL</a>'s <a for="url">scheme</a> is not + "<code>http</code>" + + <li><p><var>request</var>'s <a for="request">URL</a>'s <a for="url">host</a> is exempted from + upgrades in an <a>implementation-defined</a> way. Maybe we can give some examples here. Also, is this purely based on host or is port part of the consideration? Maybe we should talk about origin instead? > @@ -5157,8 +5279,6 @@ these steps: <p>If one of the following is true <ul class=brief> - <li><p><var>response</var>'s <a for=response>type</a> is "<code>error</code>" It looks like you haven't undone the change here. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1655#pullrequestreview-1732310982 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1655/review/1732310982@github.com>
Received on Wednesday, 15 November 2023 15:41:42 UTC