- From: Tom Ritter <tom@ritter.vg>
- Date: Thu, 3 May 2012 12:40:09 -0400
- To: "Hill, Brad" <bhill@paypal-inc.com>
- Cc: Adam Barth <w3c@adambarth.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 3 May 2012 12:19, Hill, Brad <bhill@paypal-inc.com> wrote: > I think he's asking, if I list "http://example.com", it should also allow "https://example.com". > > We discussed this at TPAC on Day 1. The notes say that we decided that "example.com" (no scheme) implied both http and https, but explicitly listing a scheme doesn't imply automatic upgrade is allowed. Exactly, thanks. However, that doesn't seem to match the implementation in Chrome, so I filed a bug against it. 126117[0] -tom [0] https://code.google.com/p/chromium/issues/detail?id=126117
Received on Thursday, 3 May 2012 16:40:59 UTC