Add `upgrade-insecure-requests` directive to Content Security Policy #15556

robhudson · 2024-11-22T23:51:35Z

This issue proposes adding the upgrade-insecure-requests directive to our Content Security Policy (CSP). The upgrade-insecure-requests directive automatically upgrades HTTP requests to HTTPS, helping enforce secure communication for all resources while ensuring compatibility with legacy HTTP links.

The text was updated successfully, but these errors were encountered:

This was referenced Nov 22, 2024

Can we tighten up our CSP? #11943

Open

Add upgrade-insecure-requests directive to report-only CSP #15557

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add `upgrade-insecure-requests` directive to Content Security Policy #15556

Add `upgrade-insecure-requests` directive to Content Security Policy #15556

robhudson commented Nov 22, 2024 •

edited

Loading

Add upgrade-insecure-requests directive to Content Security Policy #15556

Add upgrade-insecure-requests directive to Content Security Policy #15556

Comments

robhudson commented Nov 22, 2024 • edited Loading

Add `upgrade-insecure-requests` directive to Content Security Policy #15556

Add `upgrade-insecure-requests` directive to Content Security Policy #15556

robhudson commented Nov 22, 2024 •

edited

Loading