
<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Implement CSP upgrade-insecure-requests directive"

   href="https://bugs.webkit.org/show_bug.cgi?id=143653">143653</a>

          </td>

        </tr>


        <tr>

          <th>Summary</th>

          <td>Implement CSP upgrade-insecure-requests directive

          </td>

        </tr>


        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr>


        <tr>

          <th>Product</th>

          <td>WebKit

          </td>

        </tr>


        <tr>

          <th>Version</th>

          <td>528+ (Nightly build)

          </td>

        </tr>


        <tr>

          <th>Hardware</th>

          <td>Unspecified

          </td>

        </tr>


        <tr>

          <th>OS</th>

          <td>Unspecified

          </td>

        </tr>


        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>


        <tr>

          <th>Severity</th>

          <td>Normal

          </td>

        </tr>


        <tr>

          <th>Priority</th>

          <td>P2

          </td>

        </tr>


        <tr>

          <th>Component</th>

          <td>New Bugs

          </td>

        </tr>


        <tr>

          <th>Assignee</th>

          <td>webkit-unassigned&#64;lists.webkit.org

          </td>

        </tr>


        <tr>

          <th>Reporter</th>

          <td>mike&#64;w3.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>See <a href="https://w3c.github.io/webappsec/specs/upgrade/">https://w3c.github.io/webappsec/specs/upgrade/</a>


“Instead of blocking mixed content, this will automatically upgrade it, helping sites with lots of legacy content to more easily move to TLS without having to worry about mixed content warnings in their UI.” (description from Anne van Kesteren)


Blink has already landed support for this and will ship it in Chrome 43: <a href="https://www.chromestatus.com/features/6534575509471232">https://www.chromestatus.com/features/6534575509471232</a>

Mozilla has an assigned bug open for it with implementation work in progress: <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1139297">https://bugzilla.mozilla.org/show_bug.cgi?id=1139297</a>

Spartan/IE has it &quot;under consideration&quot; <a href="https://status.modern.ie/upgradeinsecureresourcerequests">https://status.modern.ie/upgradeinsecureresourcerequests</a>

Opera has already shipped it in Opera 30</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      
      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>