W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: [UPGRADE]: What's left?

From: Ilya Grigorik <igrigorik@google.com>
Date: Tue, 10 Mar 2015 15:56:32 -0700
Message-ID: <CADXXVKoycvnKAWP94cO7Ag8Sv2GdYFxOHAhbY-3c9jarvAxojg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, Mike West <mkwst@google.com>, Eric Mill <eric@konklone.com>, Peter Eckersley <pde@eff.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Jeff Hodges <Jeff.Hodges@kingsmountain.com>, Tanvi Vyas <tanvi@mozilla.com>, Yves Lafon <ylafon@w3.org>, T Guild <ted@w3.org>, Daniel Appelquist <appelquist@gmail.com>, Alex Russell <slightlyoff@google.com>, Yoav Weiss <yoav@yoav.ws>, Mark Nottingham <mnot@mnot.net>
On Tue, Mar 10, 2015 at 3:42 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> Link: <https://equivalent/path>;rel="secure"
>
> Is probably OK.  That means that you have the content from the body of
> the response, but you can follow the link to find a secure version.
> Then you only have to worry about minimizing the unsecured junk you
> are using to base decisions on.
>

+1. Albeit treating rel=secure as an implicit redirect still feels a bit
odd to me.
Received on Tuesday, 10 March 2015 22:57:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:11 UTC