- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 17 Jan 2008 19:03:16 +0100
- To: public-wsc-wg@w3.org
- Cc: tyler.close@hp.com

Section 7.2 [1] was the object of recent discussions around ISSUE-123, noticing that the technique described in this section is not guaranteed to work.

I propose to add the following note to an eventual rewrite of the section (which Tyler owes as ACTION-368):

The technique outlined in this section is a best effort to steer the user toward a safer interaction. There is no guarantee that replacing the scheme in an "http" URI by "https" leads to a URI that references a resource in any way related to the original one.

Also, when the current page was obtained through an unsafe HTTP interaction (such as POST), performing a GET request on a URI that was produced in this way might negatively affect session-based web applications.

Tyler, can you just copy and paste this in (and possibly smoothen the language a bit) when you do ACTION-368?

As a side remark, I wonder if there is an authoring best practice in here (for section 9) that suggests keeping http and https URI spaces consistent.

Thoughts?

1. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#safebar-must-have-tls

--
Thomas Roessler, W3C <tlr@w3.org>

Received on Thursday, 17 January 2008 18:03:29 UTC