W3C home > Mailing lists > Public > site-comments@w3.org > March 2016

Upgrade Insecure Requests in W3C Specifications

From: Franklin Tse <franklinwhale@hotmail.com>
Date: Mon, 07 Mar 2016 09:31:42 +0100
Message-ID: <BAY178-DS3A579DB0D04AC0889C894A3B00@phx.gbl>
To: site-comments@w3.org
Hello,

w3.org can now be viewed in HTTPS and there is a Content Security Policy
asking browsers to upgrade insecure requests across the site. I note that
"Upgrade Insecure Requests" is currently a W3C Candidate Recommendation
and some browsers have implemented it. However, that means some browsers
have not implemented the directive, and as a result users of those
browsers encounter broken pages, especially for those who have strict
mixed content checking enabled.

Enabling HTTPS is good, and "Upgrade Insecure Requests" appears to provide
an easier way for website administrators to enable HTTPS. I agree that
there is a need to promote and experience it, but I think there has to be
a balance between using cutting-edge technology and maintaining a
reasonably wide range of viewers.

One of the primary objectives to come to w3.org is for accessing the W3C
specifications. W3C should update the paths of stylesheets and images on
W3C specifications and notes to relative links, so that browsers that do
not support Upgrade Insecure Requests can load W3C specifications properly.

Regards,
Franklin Tse
Received on Monday, 7 March 2016 08:47:43 UTC

This archive was generated by hypermail 2.3.1 : Monday, 7 March 2016 08:47:44 UTC