Proxying content on the back end is one way around this for some use cases, but not a universal solution. On Tue, Mar 17, 2015 at 12:39 PM Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote: > On Tue 2015-03-17 13:10:50 -0400, Brad Hill wrote: > > Remember this isn't just about user agents. A specifically motivating > use > > case is sites that need to access data that is only available over http > > from legacy origins which are perhaps mostly-unmaintained and may take a > > very long time to get with the https program. > > > > In such cases, it is ideal to provide an application owner a way to get > > user-agent assistance in rewriting links automatically from http->https, > > a-la-HSTS, but not simultaneously force entire origins to be exclusively > > available over https, since they may need to occasionally send users to > an > > application loaded from http in order that it might access insecure > > third-party data at legacy endpoints. > > But it *is* about user agents. If a site needs to access data itself > (without a user agent involved) it can do so with whatever policy it > wants. > > --dkg >Received on Tuesday, 17 March 2015 20:05:53 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:11 UTC