Re: UPGRADE: Feature detection?

On 2015-02-11 15:34, Mike West wrote:
> While writing the example flow at
> https://w3c.github.io/webappsec/specs/upgrade/#examples, I stumbled over
> the problem of knowing when to redirect a user from an HTTP page to an
> HTTPS one. If you require the upgrade mechanism we're defining in order
> to give a user a reasonable experience, then you need to know whether or
> not she's capable of performing the upgrade before redirection.
>
> I think we should explicitly support this sort of feature detection,
> rather than relying on user agent sniffing*. Perhaps something like the
> following HTTP request header could be sent along with every
> navigational request (e.g. top-level navigations, new windows, and iframes):
>
>      Accept-Upgrade: https
> ...

Nitpicking on the field name; how about:

        Prefer: encrypted

(that at least avoids a new header field name, and already has a 
well-defined syntax and extensibility model).

Best regards, Julian

Received on Thursday, 12 February 2015 16:27:40 UTC
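
An added example, not part of the original thread: a server-side sketch of the feature detection discussed above, parsing the Prefer field with RFC 7240 syntax and redirecting a plain-HTTP navigation only when the client sent the proposed preference. The "encrypted" token is the proposal from this message, not a registered preference; CANONICAL_HOST, decide() and the request object shape are assumptions made for illustration.

```javascript
// "encrypted" is the token proposed in this thread, not a registered preference.
const CANONICAL_HOST = 'example.com'; // assumed; configured, never taken from the Host header

// Split on a separator, ignoring separators inside quoted-strings.
function splitOutsideQuotes(s, sep) {
  const parts = [];
  let cur = '', inQuotes = false;
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    if (inQuotes && ch === '\\' && i + 1 < s.length) { cur += ch + s[++i]; continue; }
    if (ch === '"') inQuotes = !inQuotes;
    if (ch === sep && !inQuotes) { parts.push(cur); cur = ''; } else cur += ch;
  }
  parts.push(cur);
  return parts;
}

// Parse Prefer field values (RFC 7240) into a Map of lower-cased token -> value.
function parsePrefer(fieldValues) {
  const prefs = new Map();
  for (const value of [].concat(fieldValues || [])) {
    for (const pref of splitOutsideQuotes(value, ',')) {
      const [head] = splitOutsideQuotes(pref, ';'); // parameters are not needed here
      const eq = head.indexOf('=');
      const name = (eq === -1 ? head : head.slice(0, eq)).trim().toLowerCase();
      const val = eq === -1 ? '' : head.slice(eq + 1).trim().replace(/^"|"$/g, '');
      // RFC 7240: if a preference repeats, only the first instance counts.
      if (/^[!#$%&'*+\-.^_`|~0-9a-z]+$/.test(name) && !prefs.has(name)) prefs.set(name, val);
    }
  }
  return prefs;
}

// Decide how to answer a navigational request (hypothetical request shape).
function decide(req) {
  if (req.secure) return { status: 200, headers: {} };
  const vary = { Vary: 'Prefer' }; // the response depends on Prefer, so caches must key on it
  if (parsePrefer(req.headers.prefer).has('encrypted')) {
    return { status: 307, headers: { ...vary, Location: `https://${CANONICAL_HOST}${req.path}` } };
  }
  return { status: 200, headers: vary }; // client did not signal support: serve over HTTP
}
```

The quoted-string handling matters for the detection itself: a value such as foo="a, encrypted" must not be read as the client advertising the preference.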