Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #17966: Force upgrade of insecure requests

Download Browse

Chrome is doing it by default since the v84 [0], Firefox has the intention of doing the same thing [1]. This contribution opt-in to the change by using the CSP `upgrade-insecure-requests` directive [2]. That should give a consistent experience across all the supported browsers. [0] https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html [1] https://groups.google.com/g/mozilla.dev.platform/c/F163Jz32oYY/m/Kdz_pjf2AQAJ?pli=1 [2] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests Change-Id: Iecdc7da12338f38f745cc1e9d8192b168e5ddbe0

+1 −0
Thomas Gerbet (tgerbet) 2020-11-06 10:38
Thomas Gerbet (tgerbet) 2020-11-06 10:38
9f3894d3d5c98d240d1c7b983ecb87077a42b973
228349c36e6a4dd33b99c348efb7947573b0dc3d
git #tuleap/stable/9f3894d3d5c98d240d1c7b983ecb87077a42b973

Modified Files

Side by side diff
Inline diff
Name
M src/www/include/pre.php +1 −0 Go to diff View file