@@ -2157,6 +2157,17 @@ Unless stated otherwise, it is false.
21572157
21582158<p class=note> This flag is for exclusive use by HTML's render-blocking mechanism. [[!HTML]]
21592159
2160+ <p> A <a for=/>request</a> has an associated boolean <dfn export for=request>is HTTPS upgrade</dfn> .
2161+ Unless stated otherwise, it is false.
2162+
2163+ <p class=note> This is for exclusive use by HTTPS Upgrading algorithm.
2164+
2165+ <p> A <a for=/>request</a> has an associated
2166+ <dfn export for=request>HTTPS upgrade fallback URL</dfn> , which is null or a <a for=/>URL</a> .
2167+ Unless otherwise stated, it is null.
2168+
2169+ <p class=note> This is for exclusive use by HTTPS Upgrading algorithm.
2170+
21602171<hr>
21612172
21622173<p> A <a for=/>request</a> has an associated
@@ -3265,6 +3276,106 @@ through TLS using ALPN. The protocol cannot be spoofed through HTTP requests in
32653276</div>
32663277
32673278
3279+ <h3 id=https-upgrades>HTTPS upgrading</h3>
3280+
3281+ <p> User agents may optionally upgrade requests with URLs that are not
3282+ <a>potentially trustworthy URLs</a> to attempt to fetch them over
3283+ <a>potentially trustworthy URLs</a> . If an upgraded request fails with a network error, it is
3284+ retried over the original URL.
3285+
3286+ <p> The HTTPS upgrading algorithm consists of <a>upgrade an HTTP request</a> and
3287+ <a>HTTPS upgrade fallback</a> algorithms.
3288+
3289+ <h4 id=https-upgrades-upgrade>HTTPS upgrade algorithm</h4>
3290+ <div algorithm>
3291+
3292+ <p> To <dfn>upgrade an HTTP request</dfn> given a <a for=/>request</a> <var> request</var> :
3293+
3294+ <ol>
3295+ <li>
3296+ <p> If one or more of the following conditions are met, return:
3297+ <ul>
3298+ <li><p><var> request</var> 's <a for="request">destination</a> is not "<code> document</code> "
3299+
3300+ <li><p><var> request</var> 's <a for="request">method</a> is not "<code> GET</code> "
3301+
3302+ <li><p><var> request</var> 's <a for="request">URL</a>' s <a for="url">scheme</a> is not
3303+ "<code> http</code> "
3304+
3305+ <li><p><var> request</var> 's <a for="request">URL</a>' s <a for="url">host</a> is exempted from
3306+ upgrades in an <a>implementation-defined</a> way.
3307+ </ul>
3308+ </li>
3309+
3310+ <li>
3311+ <p> If <var> request</var> 's <a for=request>HTTPS upgrade fallback URL</a> is non-null, clear
3312+ <a for=request>is HTTPS upgrade</a> and <a for=request>HTTPS upgrade fallback URL</a> and return.
3313+
3314+ <p class=note> This is a fallback request that shouldn't be upgraded again.
3315+
3316+ <li>
3317+ <p> Otherwise, set the following fields:
3318+ <ul>
3319+ <li><p> Set <a for=request>HTTPS upgrade fallback URL</a> to <var> request</var> 's
3320+ <a for="request">URL</a> .
3321+
3322+ <li><p> Set <var> request</var> 's <a for="request">URL</a>' s <a for="url">scheme</a> to
3323+ "<code> https</code> ".
3324+
3325+ <li><p> Set <a for=request>is HTTPS upgrade</a> to true.
3326+ </ul>
3327+ </li>
3328+ </ol>
3329+ </div>
3330+
3331+ <h4 id=https-upgrades-fallback>Fallback algorithm</h4>
3332+ <div algorithm>
3333+
3334+ <p> To run <dfn>HTTPS upgrade fallback</dfn> given a <a for=/>request</a> <var> request</var> and
3335+ <a for=/>response</a> <var> response</var> :
3336+
3337+ <ol>
3338+ <li><p> If <var> request</var> 's <a for=request>is HTTPS upgrade</a> is not set, then return
3339+ <var> response</var> .
3340+
3341+ <li>
3342+ <p> If <var> response</var> is a <a>network error</a> :
3343+
3344+ <p class=note> This means that the upgrade failed and initiates a fallback load.
3345+
3346+ <ol>
3347+ <li><p> Let <var> fallbackResponse</var> be a new <a for=/>response</a> whose
3348+ <a for=response>header list</a> is « », and its <code> Location</code> header is set to
3349+ <var> request</var> 's <a for=request>HTTPS upgrade fallback URL</a> , and its
3350+ <a for="response">status</a> set to 307.
3351+
3352+ <li><p> Return <var> fallbackResponse</var> .
3353+ </ol>
3354+
3355+ <li>
3356+ <p> Return <var> response</var> .
3357+
3358+ <p class=note> This means the upgrade was successful.
3359+
3360+ </ol>
3361+
3362+ <p class=note> User agents can implement a fast-fallback path by canceling slow fetches on upgraded
3363+ requests, in order to quickly initiate a fallback http load.
3364+
3365+ </div>
3366+
3367+ <h4 id=http-upgrades-examples>Examples</h4>
3368+
3369+ <p id=example-https-upgrade-good-https class=example><code> a.com</code> serves both
3370+ <code> http://a.com</code> and <code> https://a.com</code> . An eligible request to
3371+ <code> http://a.com</code> will be upgraded to <code> https://a.com</code> .
3372+
3373+ <p id=example-https-upgrade-bad-https class=example><code> a.com</code> serves
3374+ <code> http://a.com</code> but refuses connections on <code> https://a.com</code> . An eligible
3375+ request to <code> http://a.com</code> will be upgraded to <code> https://a.com</code> , but the fetch
3376+ will fail. A fallback request will be initiated to <code> http://a.com</code> .
3377+
3378+
32683379
32693380<h2 id=http-extensions>HTTP extensions</h2>
32703381
@@ -4445,6 +4556,14 @@ steps:
44454556
44464557 <li><p> <a>Upgrade <var>request</var> to a potentially trustworthy URL, if appropriate</a> .
44474558
4559+ <li>
4560+ <p> Optionally, run <a>upgrade an HTTP request</a> algorithm on <var> request</var> .
4561+
4562+ <p class=note> HTTPS upgrading only applies to requests with <a>HTTP(S) scheme</a> s, but it's done
4563+ in <a>main fetch</a> instead of <a>HTTP fetch</a> to ensure that
4564+ <a>upgrade a mixed content <var>request</var> to a potentially trustworthy URL, if appropriate</a>
4565+ step runs next and applies to the upgraded request.
4566+
44484567 <li><p> <a>Upgrade a mixed content <var>request</var> to a potentially trustworthy URL, if appropriate</a> .
44494568
44504569 <li><p> If <a lt="block bad port">should <var>request</var> be blocked due to a bad port</a> ,
@@ -5157,8 +5276,6 @@ these steps:
51575276 <p> If one of the following is true
51585277
51595278 <ul class=brief>
5160- <li><p><var> response</var> 's <a for=response>type</a> is "<code> error</code> "
5161-
51625279 <li><p><var> request</var> 's <a for=request>mode</a> is "<code> same-origin</code> " and
51635280 <var> response</var> 's <a for=response>type</a> is "<code> cors</code> "
51645281
@@ -5246,6 +5363,10 @@ these steps:
52465363 <a>CORS check</a> , as <var> request</var> 's <a for=request>client</a> and the service worker can
52475364 have different embedder policies.
52485365
5366+ <li><p> If <var> request</var> 's <a for=request>is HTTPS upgrade</a> is set, set <var> response</var>
5367+ and <var> internalResponse</var> to the result of running <a>HTTPS upgrade fallback</a> given
5368+ <var> request</var> and <var> response</var> .
5369+
52495370 <li>
52505371 <p> If <var> internalResponse</var> 's <a for=response>status</a> is a <a>redirect status</a> :
52515372
@@ -8716,7 +8837,7 @@ resource — for non-<a>CORS requests</a> as well as <a>CORS
87168837requests</a> — and do not use `<code> Vary</code> `.
87178838
87188839
8719- <h3 class=no-num id=websocket-protocol oldids=websocket-connections,websocket-opening-handshake,fail-the-websocket-connection,the-websocket-connection-is-established>WebSockets</h2 >
8840+ <h3 class=no-num id=websocket-protocol oldids=websocket-connections,websocket-opening-handshake,fail-the-websocket-connection,the-websocket-connection-is-established>WebSockets</h3 >
87208841
87218842<p> As part of establishing a connection, the {{WebSocket}} object initiates a special kind of
87228843<a for=/>fetch</a> (using a <a for=/>request</a> whose <a for=request>mode</a> is
@@ -8980,6 +9101,7 @@ done only by navigations). The <a>fetch controller</a> is also used to
89809101<a for=request>redirect mode</a> set to "<code> manual</code> ".
89819102
89829103
9104+
89839105<h2 id=acknowledgments class=no-num>Acknowledgments</h2>
89849106
89859107<p> Thanks to
0 commit comments