Re: [whatwg/fetch] HTTPS upgrades proposal (PR #1655) from Frederik Braun on 2024-02-14 (public-webapps-github@w3.org from February 2024)

From: Frederik Braun <notifications@github.com>
Date: Wed, 14 Feb 2024 05:24:00 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1655/c1943760242@github.com>

I believe there is a disconnect about the redirect loops between what @annevk and @simon-friedberger understood.

The issue isn't reaching the maximum of allowed redirects, but whether a browser should look at previous URLs in the redirect chains to stop upgrading. E.g., for a page that supports HTTPS but redirects back to HTTP.

Specifically, how "far" does the browser look back? All 20? Which information does the browser use to consider something a loop? Just the domain? The site? With URL parameters?

If all browsers have explicit "loop breakout logic", we should specify it.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1655#issuecomment-1943760242
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1655/c1943760242@github.com>

Received on Wednesday, 14 February 2024 13:24:06 UTC