@@ -2157,6 +2157,17 @@ Unless stated otherwise, it is false.
21572157
21582158<p class=note> This flag is for exclusive use by HTML's render-blocking mechanism. [[!HTML]]
21592159
2160+ <p> A <a for=/>request</a> has an associated boolean <dfn export for=request>is HTTPS upgrade</dfn> .
2161+ Unless stated otherwise, it is false.
2162+
2163+ <p class=note> This is for exclusive use by HTTPS Upgrading algorithm.
2164+
2165+ <p> A <a for=/>request</a> has an associated
2166+ <dfn export for=request>HTTPS upgrade fallback URL</dfn> , which is a <a for=/>URL</a> . Unless
2167+ otherwise stated, it is null.
2168+
2169+ <p class=note> This is for exclusive use by HTTPS Upgrading algorithm.
2170+
21602171<hr>
21612172
21622173<p> A <a for=/>request</a> has an associated
@@ -3265,6 +3276,110 @@ through TLS using ALPN. The protocol cannot be spoofed through HTTP requests in
32653276</div>
32663277
32673278
3279+ <h3 id=https-upgrades>HTTPS upgrading</h3>
3280+
3281+ <p> User agents may optionally upgrade requests with URLs that are not
3282+ <a>potentially trustworthy URLs</a> to attempt to fetch them over
3283+ <a>potentially trustworthy URLs</a> . If an upgraded request fails with a network error, it is
3284+ retried over the original URL.
3285+
3286+ <p> The HTTPS upgrading algorithm consists of <a>upgrade an HTTP request</a> and <a>HTTPS upgrade
3287+ fallback</a> algorithms.
3288+
3289+ <div algorithm>
3290+ <h4 id=https-upgrades-upgrade>HTTPS upgrade algorithm</h4>
3291+
3292+ <p> To <dfn>upgrade an HTTP request</dfn> given a <a for=/>request</a> <var> request</var> :
3293+
3294+ <ol>
3295+ <li>
3296+ <p> If one or more of the following conditions are met, return:
3297+ <ul>
3298+ <li><p><var> request</var> 's <a for="request">destination</a> is not "<code> document</code> "
3299+
3300+ <li><p><var> request</var> 's <a for="request">method</a> is not "<code> GET</code> "
3301+
3302+ <li><p><var> request</var> 's <a for="request">URL</a>' s <a for="url">scheme</a> is not
3303+ "<code> http</code> "
3304+
3305+ <li>
3306+ <p><var> request</var> 's <a for="request">URL</a>' s <a for="url">host</a> is exempted from
3307+ upgrades in an <a>implementation-defined</a> way.
3308+
3309+ <p class=example id="example-https-upgrades-exempted-hosts"> If <a for=url>host</a> is a
3310+ non-registrable or non-assignable domain name such as .local or an IP address that falls in a
3311+ range reserved for non-publicly routable networks, the implementation might return without
3312+ modifying <var> request</var> .
3313+ </ul>
3314+ </li>
3315+
3316+ <li>
3317+ <p> If <var> request</var> 's <a for=request>HTTPS upgrade fallback URL</a> is non-null, clear
3318+ <a for=request>is HTTPS upgrade</a> and <a for=request>HTTPS upgrade fallback URL</a> and return.
3319+
3320+ <p class=note> This is a fallback request that shouldn't be upgraded again.
3321+
3322+ <li>
3323+ <p> Otherwise, set the following fields:
3324+ <ul>
3325+ <li><p> Set <a for=request>HTTPS upgrade fallback URL</a> to <var> request</var> 's
3326+ <a for="request">URL</a> .
3327+
3328+ <li><p> Set <var> request</var> 's <a for="request">URL</a>' s <a for="url">scheme</a> to
3329+ "<code> https</code> ".
3330+
3331+ <li><p> Set <a for=request>is HTTPS upgrade</a> to true.
3332+ </ul>
3333+ </li>
3334+ </ol>
3335+ </div>
3336+
3337+ <div algorithm>
3338+ <h4 id=https-upgrades-fallback>Fallback algorithm</h4>
3339+
3340+ <p> To run <dfn>HTTPS upgrade fallback</dfn> given a <a for=/>request</a> <var> request</var> and
3341+ <a for=/>response</a> <var> response</var> :
3342+
3343+ <ol>
3344+ <li><p> If <var> request</var> 's <a for=request>is HTTPS upgrade</a> is not set, return
3345+ <var> response</var> .
3346+
3347+ <li>
3348+ <p> If <var> response</var> is a network error, run the following steps:
3349+ <p class=note> This means that the upgrade failed and initiates a fallback load.
3350+ <ol>
3351+ <li><p> Let <var> fallbackResponse</var> be a new <a for=/>Response</a> with its
3352+ <code> Location</code> header set to <var> request</var> 's <a for=request>HTTPS upgrade fallback
3353+ URL</a> , and its <a for="response">status</a> set to 307.
3354+
3355+ <li> Return <var> fallbackResponse</var> .
3356+ </ol>
3357+
3358+ <li>
3359+ <p> Return <var> response</var> .
3360+ <p class=note> This means the upgrade was successful.
3361+
3362+ </ol>
3363+ <p class=note> User agents can implement a fast-fallback path by canceling slow fetches on upgraded
3364+ requests, in order to quickly initiate a fallback http load.
3365+
3366+ </div>
3367+
3368+ <h4 id=http-upgrades-examples>Examples</h4>
3369+
3370+ <div id=example-https-upgrade-good-https class=example>
3371+ <p><code> a.com</code> serves both <code> http://a.com</code> and <code> https://a.com</code> . An
3372+ eligible request to <code> http://a.com</code> will be upgraded to <code> https://a.com</code> .
3373+ </div>
3374+
3375+ <div id=example-https-upgrade-bad-https class=example>
3376+ <p>
3377+ <code> a.com</code> serves <code> http://a.com</code> but refuses connections on
3378+ <code> https://a.com</code> .
3379+ An eligible request to <code> http://a.com</code> will be upgraded to <code> https://a.com</code> ,
3380+ but the fetch will fail.
3381+ A fallback request will be initiated to <code> http://a.com</code> .
3382+ </div>
32683383
32693384<h2 id=http-extensions>HTTP extensions</h2>
32703385
@@ -4445,6 +4560,14 @@ steps:
44454560
44464561 <li><p> <a>Upgrade <var>request</var> to a potentially trustworthy URL, if appropriate</a> .
44474562
4563+ <li>
4564+ <p> Optionally, run <a>upgrade an HTTP request</a> algorithm on <var> request</var> .
4565+
4566+ <p class=note> HTTPS upgrading only applies to requests with <a>HTTP(S) scheme</a> s, but it's done
4567+ in <a>main fetch</a> instead of <a>HTTP fetch</a> to ensure that
4568+ <a>upgrade a mixed content <var>request</var> to a potentially trustworthy URL, if appropriate</a>
4569+ step runs next and applies to the upgraded request.
4570+
44484571 <li><p> <a>Upgrade a mixed content <var>request</var> to a potentially trustworthy URL, if appropriate</a> .
44494572
44504573 <li><p> If <a lt="block bad port">should <var>request</var> be blocked due to a bad port</a> ,
@@ -5153,12 +5276,14 @@ these steps:
51535276 <a>filtered response</a> ; otherwise to <var> response</var> 's
51545277 <a for="filtered response">internal response</a> .
51555278
5279+ <li><p> If <var> response</var> 's <a for=response>type</a> is "<code> error</code> ", then
5280+ return the result of running <a>HTTPS upgrade fallback</a> given <var> request</var>
5281+ and a <a>network error</a> .
5282+
51565283 <li>
51575284 <p> If one of the following is true
51585285
51595286 <ul class=brief>
5160- <li><p><var> response</var> 's <a for=response>type</a> is "<code> error</code> "
5161-
51625287 <li><p><var> request</var> 's <a for=request>mode</a> is "<code> same-origin</code> " and
51635288 <var> response</var> 's <a for=response>type</a> is "<code> cors</code> "
51645289
@@ -5246,6 +5371,10 @@ these steps:
52465371 <a>CORS check</a> , as <var> request</var> 's <a for=request>client</a> and the service worker can
52475372 have different embedder policies.
52485373
5374+ <li> If <var> request</var> 's <a for=request>is HTTPS upgrade</a> is set, set <var> response</var> and
5375+ <var> internalResponse</var> to the result of running <a>HTTPS upgrade fallback</a> given
5376+ <var> request</var> and <var> response</var> .
5377+
52495378 <li>
52505379 <p> If <var> internalResponse</var> 's <a for=response>status</a> is a <a>redirect status</a> :
52515380
0 commit comments