HSTS/ UIR/ Chrome and Form actions. Issue or feature?

From: Jose Kahan <jose.kahan@w3.org> Date: Tue, 19 Apr 2016 15:08:52 +0200 To: public-webappsec@w3.org Cc: mkwst@google.com Message-ID: <20160419130851.GA20828@kiribati.inrialpes.fr> · This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:19 UTC

Hi,

This is now fixed. 

I'm curious to know if this is not a chrome-related bug?
We have both HSTS and UIR headers and the end point of those forms
are w3.org URLs. I would expect the browser should "upgrade" 
those links to HTTPS. Firefox didn't raise a warning.

Why is chrome specific about it? Is it an issue or am
I missing something?

Thanks!

-jose

On Wed, Apr 13, 2016 at 04:16:44PM -0400, Eric Mill wrote:
> I still get a mixed content error on w3.org in Chrome because of
> forms pointing to insecure endpoints.