W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2016

Update to w3.org site configuration [UPGRADE]

From: Wendy Seltzer <wseltzer@w3.org>
Date: Tue, 12 Apr 2016 18:17:54 -0400
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Cc: Jose Kahan <jose.kahan@w3.org>, Ted Guild <ted@w3.org>
Message-ID: <570D7412.2010805@w3.org>
Hi WebAppSec,

As Upgrade Insecure Requests is not currently implemented in all of the
major browsers, W3C has decided to change the setup of the w3.org site.
Instead of issuing HSTS and Upgrade Insecure to all clients, which was
causing mixed-content blockage in several browsers, the site is now
doing user-agent switching: offering HTTPS to those clients that support
Upgrade Insecure, and HTTP to those that don't yet support it.

We've talked with large site operators who look forward to using Upgrade
Insecure to update their sites to HTTPS. We similarly look forward to
helping all browsers to implement the Upgrade Insecure Requests spec and
retiring the UA-sniffing setup on w3.org.


Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
https://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Tuesday, 12 April 2016 22:17:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:19 UTC