Re: Proposal: Marking HTTP As Non-Secure

On 16 December 2014 at 06:40, Mike West <> wrote:

> Nothing in CSP should prevent scheme-relative URLs from functioning; they
> should resolve relative to the document in which they're embedded, and CSP
> should block or allow them accordingly.
The idea is to use CSP reports to check if a site is ready for https switch
before the actual switch by insisting on https: protocol for all resources.
That does not work with scheme-relative URLs.

Received on Tuesday, 16 December 2014 06:03:02 UTC