The Web Application Security Working Group has published Candidate Recommendations for two documents that help Web authors and users toward secure, authenticated browsing:
- Upgrade Insecure Requests defines a mechanism which allows authors to instruct a user agent to upgrade a priori insecure resource requests to secure transport before fetching them.
- Mixed Content describes how a user agent should handle fetching of content over unencrypted or unauthenticated connections in the context of an encrypted and authenticated document.
by Maria Auday via W3C News
No comments:
Post a Comment