W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: UPGRADE: 'HTTPS' header causing compatibility issues.

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 8 Jul 2015 09:29:46 -0700
Message-ID: <CABkgnnVmRxwSyoRyt9q6Tz_eZ5V-_SHok9x6FrPVfT177FqCUw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Adrian Hope-Bailie <adrian@hopebailie.com>, Richard Barnes <rbarnes@mozilla.com>, Ilya Grigorik <igrigorik@google.com>, Anne van Kesteren <annevk@annevk.nl>, "Nottingham, Mark" <mnotting@akamai.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 8 July 2015 at 07:53, Mike West <mkwst@google.com> wrote:
> `upgrade-insecure-requests: 1`, going once, going twice...

OK, I'll bite.  -requests seems unnecessarily verbose.  I mean, yes,
we do want to be precise and clear, but `upgrade-insecure` seems
enough; though only if you also change the CSP directive name I
Received on Wednesday, 8 July 2015 16:30:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:49 UTC