- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 12 Aug 2015 15:34:52 +0200
- To: Brad Hill <hillbrad@gmail.com>
- Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Yan Zhu <yan@eff.org>, Alex Russell <slightlyoff@google.com>
On Mon, Aug 10, 2015 at 10:59 PM, Brad Hill <hillbrad@gmail.com> wrote: > I think that we could call it done and think about adding just > 'upgrade-insecure-navigations' to a Level 2. I think it is beneficial to > have that scope expansion available as extra behavior, but I don't see any > good use cases to formally "decompose" upgrade-insecure-resources out of the > existing behavior. (where it could only be used to weaken mixed content > fetching, which we don't want to do and won't necessarily ever produce good > results) Agreed. And I think we should only consider new features here if we find examples (as we did with upgrade-insecure-requests) of sites that would use this to migrate to HTTPS. -- https://annevankesteren.nl/
Received on Wednesday, 12 August 2015 13:35:17 UTC