amphtml icon indicating copy to clipboard operation
amphtml copied to clipboard

Published 20 hours ago verified publisher icon ampproject

Add support for Content-Security-Policy's "upgrade-insecure-requests" meta tag

Open tomayac opened this issue 8 years ago • 7 comments
trafficstars

Currently adding the Content Security meta tag to upgrade insecure requests

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

results in the error message

The attribute 'http-equiv' may not appear in tag 'meta name= and content='.

Can we add support for it?

(CC: @mikewest, @cramforce)

tomayac avatar Jan 12 '17 08:01 tomayac

Since we would strip this on cache delivery (that has its own, different CSP), I think the right solution is just to use a HTTP header instead.

cramforce avatar Jan 12 '17 15:01 cramforce

@cramforce Pleading for re-opening. This issue seems to pop up again with the rise of JAMstack static site builders where people cannot necessarily modify raw headers.

tomayac avatar Aug 19 '19 08:08 tomayac

Hmm, I'm certainly not opposed to doing this. @Gregable

cramforce avatar Aug 19 '19 14:08 cramforce

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Feb 09 '21 15:02 stale[bot]

I have stopped caring personally, but it still sounds like a good feature to support. So, stale 🤖, keep this open, please.

tomayac avatar Feb 09 '21 17:02 tomayac

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Aug 12 '22 00:08 stale[bot]

I have stopped caring personally, but it still sounds like a good feature to support. So, stale 🤖, keep this open, please.

tomayac avatar Aug 12 '22 08:08 tomayac