@@ -3089,6 +3089,112 @@ an <a>implementation-defined</a> value.
30893089</ol>
30903090</div>
30913091
3092+ <h3 id=https-upgrades>HTTPS upgrades</h3>
3093+
3094+ <div algorithm>
3095+
3096+ <p> User agents may optionally upgrade requests with <a>potentially untrustworthy URL</a> s
3097+ to attempt to fetch them over <a>potentially trustworthy URL</a> s. If an upgraded request
3098+ fails with a network error, it is retried over the original URL.
3099+
3100+ <p> The HTTPS Upgrades algorithm consists of Upgrade and Fallback algorithms, with the following
3101+ steps:
3102+
3103+ <h4>Upgrade algorithm</h4>
3104+
3105+ <p> Given a request <var> request</var> , this algorithm will rewrite its URL if the request should be
3106+ modified and loaded over <code> "https"</code> , via the following algorithm:
3107+
3108+ <ol>
3109+ <li>
3110+ <p> If one or more of the following conditions are met, return without modifying request:
3111+ <ul>
3112+ <li><p><var> request</var> is not a navigation request whose destination is document</li>
3113+
3114+ <li><p><var> request</var> 's method is not `<code> GET</code> `</li>
3115+
3116+ <li><p><var> request</var> 's URL' s scheme is not <code> "http"</code></li>
3117+
3118+ <li><p><var> request</var> 's URL' s host is non-unique (i.e., contains a non-registrable or
3119+ non-assignable domain name such as .local or an IP address that falls in a range reserved for
3120+ non-publicly routable networks)</li>
3121+
3122+ <li><p> Optionally, <var> request</var> 's URL' s host is exempted from upgrades by the user agent
3123+ </li>
3124+ </ul>
3125+ </li>
3126+
3127+ <li><p> If <var> request</var> 's <code> https-upgrade-fallback-url</code> is non-null, this is a
3128+ fallback request that shouldn't be upgraded again. Clear the <code> https-upgrade</code> and
3129+ <code> https-upgrade-fallback-url</code> flags and return <var> request</var> .</li>
3130+
3131+ <li><p> Otherwise, upgrade the request by setting the following fields:
3132+ <ul>
3133+ <li> Set <code> https-upgrade-fallback-url</code> to request's URL</li>
3134+ <li> Set <var> request</var> 's URL' s scheme to <code> "https"</code></li>
3135+ <li> Set <code> https-upgrade</code> flag to true</li>
3136+ </ul>
3137+ </li>
3138+ </ol>
3139+
3140+ <h4>Fallback algorithm</h4>
3141+
3142+ <p> Runs after the Upgrade algorithm. This algorithm determines whether the upgraded
3143+ request completed without a network error. If not, it retries the request over <code> "http"</code> .
3144+
3145+ <ol>
3146+ <li><p> If the <code> https-upgrade</code> flag is not set, return without modifying request.</li>
3147+
3148+ <li><p> Otherwise, this is an upgraded request. Let <var> upgradedResponse</var> be the result of
3149+ fetching the upgraded request.</li>
3150+
3151+ <li>
3152+ <p> If <var> upgradedResponse</var> is a network error, initiate a fallback http load by doing the
3153+ following:
3154+
3155+ <ul>
3156+ <li><p> Set <var> request</var> 's URL to the value of <var>request</var>' s
3157+ <code> https-upgrade-fallback-url</code> flag</li>
3158+
3159+ <li><p> Set response to the result of running <a>HTTP-redirect fetch</a> given fetchParams and
3160+ <var> upgradedResponse</var> .</li>
3161+ </ul>
3162+ </li>
3163+
3164+ <li><p> Otherwise, the upgrade was successful. Return <var> upgradedResponse</var> .</li>
3165+ </ol>
3166+
3167+ <p>
3168+ Optionally, user agents may implement a fast-fallback option by canceling slow fetches on upgraded
3169+ requests and quickly initiate a fallback http load.
3170+
3171+ </div>
3172+
3173+ <h4>Examples</h4>
3174+
3175+ <div id=example-https-upgrade-good-https class=example>
3176+ <p>
3177+ <code> a.com</code> serves both <code> http://a.com</code> and <code> https://a.com</code> .
3178+ An eligible request to <code> http://a.com</code> will be upgraded to <code> https://a.com</code> .
3179+ </div>
3180+
3181+ <div id=example-https-upgrade-bad-https class=example>
3182+ <p>
3183+ <code> a.com</code> serves <code> http://a.com</code> but refuses connections on
3184+ <code> https://a.com</code> .
3185+ An eligible request to <code> http://a.com</code> will be upgraded to <code> https://a.com</code> ,
3186+ but the fetch will fail.
3187+ A fallback request will be initiated to <code> http://a.com</code> .
3188+ </div>
3189+
3190+ <div id=example-https-upgrade-slow-https class=example>
3191+ <p>
3192+ Optional fast-fallback example: <code> a.com</code> serves <code> http://a.com</code> and loads very
3193+ slowly over <code> https://a.com</code> .
3194+ An eligible request to <code> http://a.com</code> will be upgraded to <code> https://a.com</code> .
3195+ If the upgraded request doesn't return a response for N seconds, the fetch will be canceled.
3196+ A fallback request will be initiated to <code> http://a.com</code> .
3197+ </div>
30923198
30933199<h3 id=port-blocking>Port blocking</h3>
30943200
@@ -4409,7 +4515,7 @@ steps:
44094515 <li><p> <a>Upgrade <var>request</var> to a potentially trustworthy URL, if appropriate</a> .
44104516
44114517 <li><p> If <var> request</var> is a <a>navigation request</a> whose <a for=request>destination</a>
4412- is " <code> document</code> , <var> request</var> 's <a for=request>method</a> is <code> GET</code> ,
4518+ is <code> document</code> , <var> request</var> 's <a for=request>method</a> is <code> GET</code> ,
44134519 and <var> request</var> 's <a for=request>URL</a> is not a <a>potentially trustworthy URL</a> ,
44144520 optionally upgrade it to a <a>potentially trustworthy URL<a>. If <var>request</var> is upgraded,
44154521 set <var>request</var>'s <a for=request>https-upgrade</a> flag to true.
0 commit comments