W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: Testing W3C's HTTPS setup

From: Tanvi Vyas <tanvi@mozilla.com>
Date: Tue, 22 Sep 2015 17:24:25 -0700
To: Mike West <mkwst@google.com>, Jose Kahan <jose.kahan@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <5601F139.1020506@mozilla.com>
On 9/21/15 3:59 AM, Mike West wrote:
> On Mon, Sep 21, 2015 at 12:28 PM, Jose Kahan <jose.kahan@w3.org 
> <mailto:jose.kahan@w3.org>> wrote:
>
>     Today we had a news item with an absolute HTTP link to an image
>     and this
>     revelead it. Firefox will also complain if there are absolute http
>     links to CSS files.
>
>
> Is it possible that you're relying on `Upgrade-Insecure-Requests`, and 
> that you're using a version of Firefox which doesn't yet support it? I 
> think they're shipping in 42.
Firefox supports the upgrade-insecure-requests in versions 42+. Firefox 
42 is currently in beta and goes to release on November 3rd.
Received on Wednesday, 23 September 2015 00:24:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC