From e4ed336b467726fedc359a9e5817f9338c8d8d75 Mon Sep 17 00:00:00 2001 From: Florian Scholz Date: Thu, 7 Nov 2024 11:53:41 +0100 Subject: [PATCH 1/2] Add Upgrade insecure requests --- features/csp.yml | 1 - features/csp.yml.dist | 13 ------ .../draft/spec/upgrade-insecure-requests.yml | 10 ----- .../spec/upgrade-insecure-requests.yml.dist | 17 -------- features/upgrade-insecure-requests.yml | 7 ++++ features/upgrade-insecure-requests.yml.dist | 42 +++++++++++++++++++ 6 files changed, 49 insertions(+), 41 deletions(-) delete mode 100644 features/draft/spec/upgrade-insecure-requests.yml delete mode 100644 features/draft/spec/upgrade-insecure-requests.yml.dist create mode 100644 features/upgrade-insecure-requests.yml create mode 100644 features/upgrade-insecure-requests.yml.dist diff --git a/features/csp.yml b/features/csp.yml index 004ee3551a1..26ac27cba89 100644 --- a/features/csp.yml +++ b/features/csp.yml @@ -73,6 +73,5 @@ compat_features: - http.headers.Content-Security-Policy.style-src-attr - http.headers.Content-Security-Policy.style-src-elem - http.headers.Content-Security-Policy.unsafe-hashes - - http.headers.Content-Security-Policy.upgrade-insecure-requests - http.headers.Content-Security-Policy.worker-src - http.headers.Content-Security-Policy.worker_support diff --git a/features/csp.yml.dist b/features/csp.yml.dist index f52ec3db00b..2c961e14155 100644 --- a/features/csp.yml.dist +++ b/features/csp.yml.dist @@ -115,19 +115,6 @@ compat_features: # safari_ios: "9.3" - http.headers.Content-Security-Policy.frame-ancestors - # baseline: high - # baseline_low_date: 2018-04-30 - # baseline_high_date: 2020-10-30 - # support: - # chrome: "43" - # chrome_android: "43" - # edge: "17" - # firefox: "42" - # firefox_android: "42" - # safari: "10.1" - # safari_ios: "10.3" - - http.headers.Content-Security-Policy.upgrade-insecure-requests - # baseline: high # baseline_low_date: ≤2018-10-02 # baseline_high_date: ≤2021-04-02 
diff --git a/features/draft/spec/upgrade-insecure-requests.yml b/features/draft/spec/upgrade-insecure-requests.yml deleted file mode 100644 index 7db9f1843b6..00000000000 --- a/features/draft/spec/upgrade-insecure-requests.yml +++ /dev/null @@ -1,10 +0,0 @@ -draft_date: 2024-10-23 -name: Upgrade Insecure Requests -description: TODO -spec: https://w3c.github.io/webappsec-upgrade-insecure-requests/ -compat_features: - - http.headers.Upgrade-Insecure-Requests - -# The following features in the spec are already part of web-features: -# - Content Security Policy (CSP): -# - http.headers.Content-Security-Policy.upgrade-insecure-requests diff --git a/features/draft/spec/upgrade-insecure-requests.yml.dist b/features/draft/spec/upgrade-insecure-requests.yml.dist deleted file mode 100644 index a213a70e93f..00000000000 --- a/features/draft/spec/upgrade-insecure-requests.yml.dist +++ /dev/null @@ -1,17 +0,0 @@ -# Generated from: upgrade-insecure-requests.yml -# Do not edit this file by hand. Edit the source file instead! - -status: - baseline: high - baseline_low_date: 2018-04-30 - baseline_high_date: 2020-10-30 - support: - chrome: "44" - chrome_android: "44" - edge: "17" - firefox: "48" - firefox_android: "48" - safari: "10.1" - safari_ios: "10.3" -compat_features: - - http.headers.Upgrade-Insecure-Requests diff --git a/features/upgrade-insecure-requests.yml b/features/upgrade-insecure-requests.yml new file mode 100644 index 00000000000..417d1270003 --- /dev/null +++ b/features/upgrade-insecure-requests.yml @@ -0,0 +1,7 @@ +name: Upgrade insecure requests +description: The `Upgrade-Insecure-Requests` HTTP header instructs a user agent to upgrade insecure resource requests to secure transport before fetching them. +spec: https://w3c.github.io/webappsec-upgrade-insecure-requests/ +group: security +compat_features: + - http.headers.Upgrade-Insecure-Requests + - http.headers.Content-Security-Policy.upgrade-insecure-requests 
diff --git a/features/upgrade-insecure-requests.yml.dist b/features/upgrade-insecure-requests.yml.dist new file mode 100644 index 00000000000..466a90b3938 --- /dev/null +++ b/features/upgrade-insecure-requests.yml.dist @@ -0,0 +1,42 @@ +# Generated from: upgrade-insecure-requests.yml +# Do not edit this file by hand. Edit the source file instead! + +status: + baseline: high + baseline_low_date: 2018-04-30 + baseline_high_date: 2020-10-30 + support: + chrome: "44" + chrome_android: "44" + edge: "17" + firefox: "48" + firefox_android: "48" + safari: "10.1" + safari_ios: "10.3" +compat_features: + # baseline: high + # baseline_low_date: 2018-04-30 + # baseline_high_date: 2020-10-30 + # support: + # chrome: "43" + # chrome_android: "43" + # edge: "17" + # firefox: "42" + # firefox_android: "42" + # safari: "10.1" + # safari_ios: "10.3" + - http.headers.Content-Security-Policy.upgrade-insecure-requests + + # ⬇️ Same status as overall feature ⬇️ + # baseline: high + # baseline_low_date: 2018-04-30 + # baseline_high_date: 2020-10-30 + # support: + # chrome: "44" + # chrome_android: "44" + # edge: "17" + # firefox: "48" + # firefox_android: "48" + # safari: "10.1" + # safari_ios: "10.3" + - http.headers.Upgrade-Insecure-Requests From 3fed1eb8a3f475ce00888d9becf2a7778ad0422b Mon Sep 17 00:00:00 2001 From: Florian Scholz Date: Mon, 18 Nov 2024 12:37:41 +0100 Subject: [PATCH 2/2] Update features/upgrade-insecure-requests.yml Co-authored-by: Daniel D. Beck --- features/upgrade-insecure-requests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/upgrade-insecure-requests.yml b/features/upgrade-insecure-requests.yml index 417d1270003..76021dc7aae 100644 --- a/features/upgrade-insecure-requests.yml +++ b/features/upgrade-insecure-requests.yml 
@@ -1,5 +1,5 @@
 name: Upgrade insecure requests
-description: The `Upgrade-Insecure-Requests` HTTP header instructs a user agent to upgrade insecure resource requests to secure transport before fetching them.
+description: The `Upgrade-Insecure-Requests` HTTP request header tells the server that the response should redirect to a secure (HTTPS) resource.
 spec: https://w3c.github.io/webappsec-upgrade-insecure-requests/
 group: security
 compat_features:
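Review bot: The rewritten `description` covers only the `Upgrade-Insecure-Requests` request header, but the `compat_features` list added in patch 1/2 (it continues past the end of this hunk) also contains `http.headers.Content-Security-Policy.upgrade-insecure-requests`. That CSP directive is the part that makes the browser rewrite a page's insecure requests, so a reader checking whether mixed-content upgrading is available would not learn from this text that it belongs to the feature. The wording "should redirect" also reads as an obligation, whereas the header appears to signal a client preference that the server may honour. Suggest covering both keys, for example: ``description: The `upgrade-insecure-requests` Content Security Policy directive makes the browser upgrade a page's insecure (HTTP) requests to HTTPS, and the `Upgrade-Insecure-Requests` HTTP request header tells the server that the client prefers a secure (HTTPS) response.``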