ampproject / amphtml

The AMP web component framework.
https://amp.dev
Apache License 2.0
14.89k stars 3.89k forks

Add support for Content-Security-Policy's "upgrade-insecure-requests" meta tag #7008

Open tomayac opened 7 years ago

tomayac commented 7 years ago

Currently adding the Content Security meta tag to upgrade insecure requests

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

results in the error message

The attribute 'http-equiv' may not appear in tag 'meta name= and content='.

Can we add support for it?

(CC: @mikewest, @cramforce)

cramforce commented 7 years ago

Since we would strip this on cache delivery (that has its own, different CSP), I think the right solution is just to use an HTTP header instead.
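
The header-based approach suggested above, as an added example that is not part of the original thread or AMP project code: a build-step helper (hypothetical name `moveCspMetaToHeader`) that strips CSP meta tags from a static page and returns the policy to send as a response header. It assumes simple static HTML and uses regex matching rather than a full HTML parser.

```javascript
// Added example: build-step helper, not AMP project code.
// Assumption: pages are static HTML strings; regex matching is enough for
// simple <meta> tags but is not a full HTML parser.
const META_TAG = /<meta\b[^>]*>/gi;

// Read one attribute value (double-quoted, single-quoted or unquoted).
function attr(tag, name) {
  const re = new RegExp(
    `\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Remove CSP <meta http-equiv> tags and return their policies so they can
// be delivered as a response header instead.
function moveCspMetaToHeader(html) {
  const policies = [];
  const stripped = html.replace(META_TAG, (tag) => {
    const equiv = attr(tag, 'http-equiv');
    if (!equiv || equiv.toLowerCase() !== 'content-security-policy') return tag;
    const content = (attr(tag, 'content') || '').trim();
    if (content) policies.push(content);
    return '';
  });
  // Several policies may share one header as a comma-separated list.
  const header = policies.length
    ? { 'Content-Security-Policy': policies.join(', ') }
    : {};
  return { html: stripped, header };
}

// Constructed sample page.
const SAMPLE = [
  '<!doctype html><html amp><head>',
  '<meta charset="utf-8">',
  '<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">',
  '<meta name="viewport" content="width=device-width">',
  '</head><body></body></html>',
].join('\n');

const result = moveCspMetaToHeader(SAMPLE);
console.log(result.header);
```

The returned header object still has to be wired into whatever the host uses to set response headers.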

tomayac commented 5 years ago

@cramforce Pleading for re-opening. This issue seems to pop up again with the rise of JAMstack static site builders where people cannot necessarily modify raw headers.

cramforce commented 5 years ago

Hmm, I'm certainly not opposed to doing this. @Gregable

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

tomayac commented 3 years ago

I have stopped caring personally, but it still sounds like a good feature to support. So, stale 🤖, keep this open, please.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

tomayac commented 2 years ago

I have stopped caring personally, but it still sounds like a good feature to support. So, stale 🤖, keep this open, please.