W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2015

Re: UPGRADE: Feature detection?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 12 Feb 2015 17:57:00 +1100
Message-ID: <CABkgnnWPDk3dj=dmq9r0t3t-VjRdo-=FXFLoseGtmKY9zYiMqw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Peter Eckersley <pde@eff.org>, Eric Mill <eric@konklone.com>, Jacob S Hoffman-Andrews <jsha@eff.org>
On 12 February 2015 at 17:51, Mike West <mkwst@google.com> wrote:
> 2. Moreover, there's no harm in redirecting _all_ non-HTML/non-Worker
> requests to HTTPS, is there? That would simplify server-side logic. :)


That's a bold assertion.  So, for resource fetching with GET, you can
cause no harm on the protocol end, so go for broke.

You can only do that if the method is safe and idempotent, but I think
that is as far as you intended to go anyway.
Received on Thursday, 12 February 2015 06:57:28 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:10 UTC