- From: Simon Friedberger <notifications@github.com>
- Date: Tue, 13 Feb 2024 06:57:12 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 13 February 2024 14:57:18 UTC
The [explainer](https://github.com/dadrian/https-upgrade/blob/main/explainer.md) touched on loop handling behavior: > Redirects to HTTP: If a navigation would result in a redirect to HTTP, that redirection should also get upgraded to HTTPS. This applies both to navigations that are initially to HTTP URLs which get upgraded to HTTPS (and then redirected to an HTTP URL) and to navigations that are initially to HTTPS URLs that are redirected to HTTP. If these upgrades result in a redirect loop (for example, https://http.badssl.com/ redirects to http://http.badssl.com/, which would be upgraded to https://http.badssl.com/, and so on), this should be considered a failed upgrade. I don't see this in the PR and [this WPT](https://wpt.fyi/results/https-upgrades/tentative?label=experimental&label=master&aligned) implies that the query string should be part of the data used for detecting loops. Should this be part of the spec and not just the test? Also, I guess that the fragment should not be part of such a check, correct? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1655#issuecomment-1941699135 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1655/c1941699135@github.com>
Received on Tuesday, 13 February 2024 14:57:18 UTC