Open Bug 1601290 Opened 6 years ago Updated 5 years ago

Upgrade Insecure Requests impacts Response objects weirdly

Categories

(Core :: DOM: Security, defect, P3)

Product:

Component:

Type:

defect

Priority:

P3

Severity:

S3

Tracking

()

Status:

NEW

People

(Reporter: annevk, Unassigned)

Details

(Whiteboard: [domsecurity-backlog2])

Reporter

Description

•

6 years ago

Navigate to https://www.w3.org/ (and verify they still use this Upgrade Insecure Requests).
fetch("http://www.w3.org/").then(console.log)
fetch("https://www.w3.org/").then(console.log)

Redirected should not be true for either. Response type should be the same (though see https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/20 for that one). I wanted to write tests for this, but see https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/19.

Daniel Veditz [:dveditz]

Updated

•

6 years ago

Priority: -- → P3

Whiteboard: [domsecurity-backlog2]

Christoph Kerschbaumer [:ckerschb}

Updated

•

5 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.