Contact emailscth...@chromium.org, dadr...@google.com Explainerhttps://github.com/dadrian/https-upgrade/blob/main/explainer.md
Specificationhttps://github.com/whatwg/fetch/pull/1655 Summary Automatically and optimistically upgrade all main-frame navigations to HTTPS, with fast fallback to HTTP. Blink componentInternals>Network>SSL>HttpsUpgrades <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3ESSL%3EHttpsUpgrades> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/853 TAG review statusPending Risks Interoperability and Compatibility *Gecko*: Positive (https://github.com/mozilla/standards-positions/issues/800) Firefox is offering a similar feature already in their private browsing mode by default *WebKit*: No signal ( https://github.com/WebKit/standards-positions/issues/185) *Web developers*: No signals No specific web developer signals. This feature is not exposed directly to web developers or users. However, HTTPS adoption is now standard practice (>90% of page loads in Chrome use HTTPS), and automatically upgrading navigations to HTTPS would avoid unnecessary redirects from HTTP to HTTPS for site owners. The `upgrade-insecure-requests` header has some similar functionality, and according to HTTP-Archive is found on ~6% of all requests. *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? Goals for experimentation Identify and assess breakage (e.g., sites that allow HTTPS connections but are broken or serve different content) and identify any blocking implementation bugs. Ongoing technical constraints None -- we believe we are ready to ship pending approvals on our Intent-to-Ship. Debuggability Chrome will upgrade these navigations to HTTPS using a 307 internal redirect, which will be visible in the Network panel of Developer Tools. These redirects include a `Non-Authoritative-Reason: HttpsUpgrades` header to identify the source. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?No Currently not available on Android WebView. We are implementing this first for Chrome and will consider bringing this to WebView (likely as an embedder opt-in) as follow up work. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?Yes (https://wpt.fyi/results/https-upgrades/tentative) Flag name on chrome://flagshttps-upgrades Finch feature nameHttpsUpgrades Non-finch justificationNone Requires code in //chrome?True Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=1394910 Launch bughttps://launch.corp.google.com/launch/4235192 Estimated milestones Shipping on desktop 115 DevTrial on desktop 115 Shipping on Android 115 DevTrial on Android 115 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). https://github.com/whatwg/fetch/pull/1655 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/6056181032812544 Links to previous Intent discussions Intent to ship: https://groups.google.com/a/chromium.org/g/blink-dev/c/cAS525en8XE/m/OdMMGgLXAgAJ Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/mgJqym5-Xek/m/0EAN6v7CCQAJ This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALMy46SmoU%3DwPKAHaiamVV7%3DaKz%3DqBy17bp_X98yHNN6fg5CYw%40mail.gmail.com.
