Skip to content

UPGRADE: Consider upgrade-insecure-requests in an insecure response as redirecting. #212

Closed
@mikewest

Description

@mikewest

If a user navigates to http://example.com/ (insecure), and receives Content-Security-Policy: upgrade-insecure-requests as a response header, her client should behave as though it received a redirect response to https://example.com/.

This would remove the necessity for sending a positive Prefer: return=secure-representation signal on insecure navigations, as the server can simply opt-in on insecure responses.

Without thinking about it too hard, this seems clever. :)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions