From 44a94a6aafffff1eaa4693f48a22a4e1297f7477 Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Wed, 5 Aug 2020 03:07:11 -0400 Subject: [PATCH] Remove HTTPS state concept It did not get significant adoption. Part of #1062. Closes #270. --- fetch.bs | 59 +++++++------------------------------------------------- 1 file changed, 7 insertions(+), 52 deletions(-) diff --git a/fetch.bs b/fetch.bs index 8c7491ce3..1c45c0cdf 100644 --- a/fetch.bs +++ b/fetch.bs @@ -249,18 +249,6 @@ preferred. Unlike ASCII whitespace this excludes U+000C FF.

An HTTP whitespace byte is an HTTP newline byte or HTTP tab or space byte. -

An HTTPS state value is "none", -"deprecated", or "modern". - -

A response delivered over HTTPS will -typically have its HTTPS state set to -"modern". A user agent can use "deprecated" in a transition -period. E.g., while removing support for a hash function, weak cipher suites, certificates for an -"Internal Name", or certificates with an overly long validity period. How exactly a user agent can -use "deprecated" is not defined by this specification. An -environment settings object typically derives its -HTTPS state from a response. -

To collect an HTTP quoted string from a string input, given a position variable position @@ -1840,11 +1828,6 @@ message as HTTP/2 does not support them. -

A response has an associated -HTTPS state (an -HTTPS state value). Unless stated otherwise, it is -"none". -

A response has an associated CSP list, which is a list of Content Security Policy objects @@ -3299,7 +3282,8 @@ these steps: URL's origin

  • origin's scheme is "https" or - response's HTTPS state is "none" + response's URL's scheme is not + "https"

    then return allowed. @@ -3646,8 +3630,7 @@ optionally with a recursive flag, run these steps:

  • Return a new response whose status is - noCorsResponse's status, HTTPS state is - noCorsResponse's HTTPS state, and CSP list + noCorsResponse's status, and CSP list is noCorsResponse's CSP list.

    This is only an effective defense against side channel attacks if @@ -3873,10 +3856,7 @@ optionally with a recursive flag, run these steps: response whose status message is `OK`, header list consist of a single header whose name is `Content-Type` and value is - `text/html;charset=utf-8`, body is the empty byte sequence, and - HTTPS state is request's client's - HTTPS state if request's - client is non-null. + `text/html;charset=utf-8`, and body is the empty byte sequence.

    Otherwise, return a network error. @@ -3916,11 +3896,6 @@ optionally with a recursive flag, run these steps: response's header list. -

  • Set response's - HTTPS state to request's - client's HTTPS state - if request's client is non-null. -

  • Set response's body to the result of performing the read operation on blob. @@ -3954,11 +3929,8 @@ optionally with a recursive flag, run these steps: `OK`, header list consist of a single header whose name is `Content-Type` and value is dataURLStruct's MIME type, - serialized, body is - dataURLStruct's body, and - HTTPS state is request's client's - HTTPS state if request's - client is non-null. + serialized, and body is + dataURLStruct's body.

    "file" @@ -3985,8 +3957,7 @@ optionally with a recursive flag, run these steps:
  • Return a response whose status message is `OK`, header list consists of a single header whose name is `Content-Type` and whose value is - mime, body is body, and - HTTPS state is "none". + mime, and body is body.

    When in doubt, return a network error. @@ -4867,18 +4838,6 @@ Range Requests. [[HTTP-RANGE]] However, this is not widely supported by b

  • Otherwise, return a network error. -

    If response was retrieved over HTTPS, set its - HTTPS state to either - "deprecated" or "modern". - [[!TLS]] - -

    The exact determination here is up to user agents for the - time being. User agents are strongly encouraged to only succeed HTTPS connections with - strong security properties and return - network errors otherwise. Using the - "deprecated" state value ought to be a temporary and last resort kind - of option. -

    Transmit body for request. @@ -6679,10 +6638,6 @@ constructor steps are:

  • Set this's MIME type to the result of extracting a MIME type from this's response's header list. - -

  • Set this's response's HTTPS state to - this's relevant settings object's - HTTPS state.

    The static error() method steps are:
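Review bot: The definitions deleted in the hunk at @@ -249,18 +249,6 @@ are also used outside this file, and the patch changes only fetch.bs (1 file changed). The removed paragraph says an environment settings object derives its HTTPS state from a response, and the removed steps at @@ -3873, @@ -3916, @@ -3954 and @@ -6679 read "request's client's HTTPS state" and "this's relevant settings object's HTTPS state", so the settings-object side of the concept is defined elsewhere. The commit message only says "Part of #1062"; please state there which change removes the settings-object side, so that nothing that still refers to a response's HTTPS state is left pointing at a missing definition.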
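Review bot: In the hunk at @@ -3299,7 +3282,8 @@, the replacement condition "response's URL's scheme is not "https"" is not equivalent to the old "response's HTTPS state is "none"" for the responses whose HTTPS state the removed steps at @@ -3873, @@ -3916 and @@ -3954 copied from request's client. Under the old text, such a response created for a client with a non-"none" HTTPS state would not satisfy the second half of the bullet, so origin's scheme had to be "https". Under the new text, a response whose URL scheme is not "https" always satisfies it. If responses of that kind can reach this check, the patch loosens it; please either confirm that this is intended in the commit message or a note beside the condition, or key the condition on something that preserves the old result. It would also help to say what the condition evaluates to when response's URL is null.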
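Review bot: The hunk at @@ -4867,18 +4838,6 @@ removes more than the state assignment: it also deletes the sentence that user agents are "strongly encouraged to only succeed HTTPS connections with strong security properties and return network errors otherwise". That recommendation does not depend on the HTTPS state concept, and after this patch nothing in the visible text tells implementers to fail weak TLS connections. Consider keeping it as a standalone note with the "deprecated" wording dropped. The same hunk removes the [[!TLS]] citation, so please check whether the specification still needs a normative TLS reference at this step.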