On Mon, Feb 2, 2015 at 4:47 PM, Mike West <mkwst@google.com> wrote: > On Mon, Feb 2, 2015 at 4:39 PM, Anne van Kesteren <annevk@annevk.nl> wrote: >> Equivalent, but not identical. My proposal would be to upgrade in >> Fetch similar to HSTS so that any scripts are not affected by URLs >> changing. > > Hrm. So the result would be the same as a redirect? The document would have > an insecure URL, but we'd end up making a secure request? Somewhat and yes. (Redirect seems like the wrong analogy since there's no insecurity involved.) > That said, I'm not sure it actually solves W3C's concern, as it would leave > legacy clients out in the cold. The only way to support clients that don't > support the thing we haven't implemented yet would be to alter the links at > the source. I totally understand that that's difficult, but it seems > essential. Yeah, this would only work if all browsers upgrade (or enough for sites to start using it). So it would help with the long tail of non-TLS properties, not those at the forefront. -- https://annevankesteren.nl/Received on Monday, 2 February 2015 15:54:28 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC