- From: Mike West <mkwst@google.com>
- Date: Tue, 30 Jun 2015 09:36:50 +0200
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=c1UYXB_kpFXTL1dsWLMR8+iaNpiUpJnEbf=H0dr5SJeA@mail.gmail.com>
Chrome 44 sends an `HTTPS: 1` header, as specced at https://w3c.github.io/webappsec/specs/upgrade/#preference. It looks like this is causing issues with some folks' servers. These are the bugs I've seen reported so far: * https://crbug.com/501095 * https://crbug.com/501842 * https://crbug.com/504357 My vague guess is that some configurations set internal variables based on header names (e.g. `HTTPS: 1` => `$HTTPS == 1`), which is confusing the poor programs. With this in mind, I think it might be advisable to change the header name, which means diving back into the bikeshed of https://github.com/w3c/webappsec/issues/216. Think we can agree on a name this week? If we can't, I'll run with `TLS: 1` by royal fiat. :) -- Mike West <mkwst@google.com>, @mikewest Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 30 June 2015 07:37:38 UTC