Re: Upgrade mixed content URLs through HTTP header

On Mon, Feb 2, 2015 at 4:35 PM, Mike West <mkwst@google.com> wrote:
> Would the effect of the header be equivalent to running `s/http:/https:/g`
> on the HTML? That is, at parse time, we would transparently replace
> `http://example.com/test.png` twith`https://example.com/test.png`?

Equivalent, but not identical. My proposal would be to upgrade in
Fetch similar to HSTS so that any scripts are not affected by URLs
changing.


> Or would this be similar to strict mixed content checking mode, blocking the
> requests without degrading the UI?

It would not be similar as we would attempt to fetch these resources
over TLS. Having said that, I don't understand why strict mixed
content would result in UI degradation. If we don't actually do
something that causes harm to the user (such as fetching mixed content
images), we shouldn't alert them about it.


-- 
https://annevankesteren.nl/

Received on Monday, 2 February 2015 15:39:39 UTC