[Webkit-unassigned] [Bug 143653] New: Implement CSP upgrade-insecure-requests directive

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=143653

            Bug ID: 143653
           Summary: Implement CSP upgrade-insecure-requests directive
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mike at w3.org

See https://w3c.github.io/webappsec/specs/upgrade/

“Instead of blocking mixed content, this will automatically upgrade it, helping sites with lots of legacy content to more easily move to TLS without having to worry about mixed content warnings in their UI.” (description from Anne van Kesteren)

Blink has already landed support for this and will ship it in Chrome 43: https://www.chromestatus.com/features/6534575509471232
Mozilla has an assigned bug open for it with implementation work in progress: https://bugzilla.mozilla.org/show_bug.cgi?id=1139297
Spartan/IE has it "under consideration" https://status.modern.ie/upgradeinsecureresourcerequests
Opera has already shipped it in Opera 30

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150413/61589d07/attachment.html>