W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: Testing W3C's HTTPS setup

From: Mike West <mkwst@google.com>
Date: Wed, 23 Sep 2015 06:29:17 +0200
Message-ID: <CAKXHy=fBeOF8FGv7gEX5msv4T5h9qKWK31YY1UmpzzKcdyWWyA@mail.gmail.com>
To: Jose Kahan <jose.kahan@w3.org>
Cc: Wendy Seltzer <wseltzer@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Sep 21, 2015 at 1:22 PM, Jose Kahan <jose.kahan@w3.org> wrote:

> If there's no other available solution at the moment that fixes
> firefox's behavior, we'll have to roll-back.
>

Hi Jose!

It looks like you've rolled things back. I still don't understand what you
need in order to roll things out again.

Can you help me understand your expectations around HSTS and
`upgrade-insecure-requests`? In particular, it's not at all clear to me
what was happening in Firefox that wasn't happening in other browsers that
don't support the header (which, presumably, you also want to support on
the website).

-mike
Received on Wednesday, 23 September 2015 04:30:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC