Re: [UPGRADE]: What's left? from Ilya Grigorik on 2015-03-10 (public-webappsec@w3.org from March 2015)

From: Ilya Grigorik <igrigorik@google.com>
Date: Tue, 10 Mar 2015 15:56:32 -0700
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, Mike West <mkwst@google.com>, Eric Mill <eric@konklone.com>, Peter Eckersley <pde@eff.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Jeff Hodges <Jeff.Hodges@kingsmountain.com>, Tanvi Vyas <tanvi@mozilla.com>, Yves Lafon <ylafon@w3.org>, T Guild <ted@w3.org>, Daniel Appelquist <appelquist@gmail.com>, Alex Russell <slightlyoff@google.com>, Yoav Weiss <yoav@yoav.ws>, Mark Nottingham <mnot@mnot.net>
Message-ID: <CADXXVKoycvnKAWP94cO7Ag8Sv2GdYFxOHAhbY-3c9jarvAxojg@mail.gmail.com>

On Tue, Mar 10, 2015 at 3:42 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> Link: <https://equivalent/path>;rel="secure"
>
> Is probably OK.  That means that you have the content from the body of
> the response, but you can follow the link to find a secure version.
> Then you only have to worry about minimizing the unsecured junk you
> are using to base decisions on.
>

+1. Albeit treating rel=secure as an implicit redirect still feels a bit
odd to me.

Received on Tuesday, 10 March 2015 22:57:39 UTC