diff --git a/fetch.bs b/fetch.bs index 7d7f4d920..c4d671917 100644 --- a/fetch.bs +++ b/fetch.bs @@ -2157,6 +2157,17 @@ Unless stated otherwise, it is false.

This flag is for exclusive use by HTML's render-blocking mechanism. [[!HTML]] +

A request has an associated boolean is HTTPS upgrade. +Unless stated otherwise, it is false. + +

This is for exclusive use by HTTPS Upgrading algorithm. + +

A request has an associated +HTTPS upgrade fallback URL, which is a URL. Unless +otherwise stated, it is null. + +

This is for exclusive use by HTTPS Upgrading algorithm. +
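
Review bot: the definition of HTTPS upgrade fallback URL says it "is a URL" but then defaults to null, so the type should read "null or a URL". The two new fields also state their defaults differently ("Unless stated otherwise" and "Unless otherwise stated"); pick one form. Both notes would read better as "the HTTPS upgrading algorithm".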


A request has an associated @@ -3265,6 +3276,110 @@ through TLS using ALPN. The protocol cannot be spoofed through HTTP requests in +

HTTPS upgrading

+ +

User agents may optionally upgrade requests with URLs that are not +potentially trustworthy URLs to attempt to fetch them over +potentially trustworthy URLs. If an upgraded request fails with a network error, it is +retried over the original URL. + +

The HTTPS upgrading algorithm consists of upgrade an HTTP request and HTTPS upgrade +fallback algorithms. + +

+

HTTPS upgrade algorithm

+ +

To upgrade an HTTP request given a request request: + +

    +
  1. +

    If one or more of the following conditions are met, return: +

      +
    • request's destination is not "document" + +

    • request's method is not "GET" + +

    • request's URL's scheme is not + "http" + +

    • +

      request's URL's host is exempted from + upgrades in an implementation-defined way. + +

      If host is a + non-registrable or non-assignable domain name such as .local or an IP address that falls in a + range reserved for non-publicly routable networks, the implementation might return without + modifying request. +

    +
  2. + +
  3. +

    If request's HTTPS upgrade fallback URL is non-null, clear + is HTTPS upgrade and HTTPS upgrade fallback URL and return. + +

    This is a fallback request that shouldn't be upgraded again. + +

  4. +

    Otherwise, set the following fields: +

    +
  5. +
+
+ +
+

Fallback algorithm

+ +

To run HTTPS upgrade fallback given a request request and +response response: + +

    +
  1. If request's is HTTPS upgrade is not set, return + response. + +

  2. +

    If response is a network error, run the following steps: +

    This means that the upgrade failed and initiates a fallback load. +

      +
    1. Let fallbackResponse be a new Response with its + Location header set to request's HTTPS upgrade fallback + URL, and its status set to 307. + +

    2. Return fallbackResponse. +
    + +
  3. +

    Return response. +

    This means the upgrade was successful. + +

+

User agents can implement a fast-fallback path by canceling slow fetches on upgraded +requests, in order to quickly initiate a fallback http load. + +

+ +

Examples

+ +
+

a.com serves both http://a.com and https://a.com. An + eligible request to http://a.com will be upgraded to https://a.com. +

+ +
+

+ a.com serves http://a.com but refuses connections on + https://a.com. + An eligible request to http://a.com will be upgraded to https://a.com, + but the fetch will fail. + A fallback request will be initiated to http://a.com. +

HTTP extensions
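
Review bot: in the fallback algorithm, the final "Return response" step leaves is HTTPS upgrade and HTTPS upgrade fallback URL set after a successful upgrade, while upgrade an HTTP request treats any request whose fallback URL is non-null as a fallback request and returns. If the same request can reach upgrade an HTTP request again after a successful upgraded fetch, that later pass would skip the upgrade; either reset both fields on success or add a note explaining why this cannot happen. Separately, "clear" is not defined for a boolean or a URL, so spell it out as setting is HTTPS upgrade to false and HTTPS upgrade fallback URL to null. Because the fallback runs on any network error, a short note that upgrading is best effort and offers no protection when the HTTPS connection fails would also help readers.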

@@ -4445,6 +4560,14 @@ steps:
  • Upgrade request to a potentially trustworthy URL, if appropriate. +

  • +

    Optionally, run upgrade an HTTP request algorithm on request. + +

    HTTPS upgrading only applies to requests with HTTP(S) schemes, but it's done + in main fetch instead of HTTP fetch to ensure that + upgrade a mixed content request to a potentially trustworthy URL, if appropriate + step runs next and applies to the upgraded request. +

  • Upgrade a mixed content request to a potentially trustworthy URL, if appropriate.
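
Review bot: the note in the new step says upgrading "only applies to requests with HTTP(S) schemes", but upgrade an HTTP request returns unless the URL's scheme is "http", so this should say "http" rather than "HTTP(S)". The step text itself would read better as "Optionally, upgrade an HTTP request given request", and since the step is optional it would help to say what a user agent bases that choice on, or to state that it is implementation-defined.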

  • If should request be blocked due to a bad port, @@ -5153,12 +5276,14 @@ these steps: filtered response; otherwise to response's internal response. +

  • If response's type is "error", then + return the result of running HTTPS upgrade fallback given request + and a network error. +

  • If one of the following is true
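
Review bot: the added step returns for every response whose type is "error", not only for upgraded requests. When is HTTPS upgrade is false, HTTPS upgrade fallback returns the response it was given, so main fetch now returns early here and skips the steps that follow for all failed requests. Gate the step on request's is HTTPS upgrade being true. It also passes "a network error" rather than response, which discards the original response; passing response would keep it.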