In the wake of Sniffly, it seems pretty reasonable to prevent folks from locking themselves into insecurity. To that end, Insecure schemes in source expressions now match their secure variants. That is, `http:` is equivalent to `http: https:`, and `http://a.com` to `http://a.com https://a.com`.

Specification

Specification link


Specification being incubated in a Community Group

Status in Chromium

Blink


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped/Shipping
  • No signal
  • No signal
  • No signals

Owner

Last updated on 2020-11-09