Stack Overflow
Stack Overflow

Questions tagged [upgrade-insecure-requests]

7 questions
238
votes
2 answers

What is the "Upgrade-Insecure-Requests" HTTP header?

I made a POST request to a HTTP (non-HTTPS) site, inspected the request in Chrome's Developer Tools, and found that it added its own header before sending it to the server: Upgrade-Insecure-Requests: 1 After doing a search on…
user193130
  • 8,009
  • 4
  • 36
  • 64
5
votes
4 answers

How to enable and disable upgradeInsecureRequests csp directive using Helmet 4.4.1 version node.js module

I have tried this using Helmet 4.4.1 version both of them below sets to true for upgrade-insecure-requests CSP upgradeInsecureRequests: [] and upgradeInsecureRequests: ['true'] Which of the above format is correct to use?
hitendra
  • 159
  • 2
  • 9
2
votes
0 answers

Does the upgrade-insecure-requests csp header update form actions?

Having trouble finding an answer to this. If I set the CSP "upgrade-insecure-requests" header on a page will it upgrade form actions? The MDN docs on the topics say "non-navigational insecure resource requests" are upgraded, but it's not clear if…
derikb
  • 59
  • 1
  • 7
1
vote
0 answers

How to deny / reject Upgrade-Insecure-Requests and keep HTTP

I am working on a web application that is hosted in the internet, but shall be able to use a REST API provided by a local HTTP-printserver. The problem is, that when the application is accessed via HTTPS, all my XmlHttpRequest to the local…
minlux
  • 21
  • 4
1
vote
0 answers

.htaccess -- https redirect and 302 status - moved temporaly cronjob error

I'm having the following problem: I setted the cronjob every 5 minutes to execute a php script I have in my public_html folder and every time it tries to execute it, I get the next thing (errors r being sent on my mail): Status: 302 Moved…
ManHelio
  • 11
  • 1
0
votes
1 answer

Added Meta tag missing from head when Nextjs app is built

I added a new meta tag to next/head import Head from "next/head"; export default function Home() { return ( <> Hello world!
gameveloster
  • 901
  • 1
  • 6
  • 18
0
votes
1 answer

rails 4.2.6 upgrade-insecure-requests CSP meta how to put in the head?

I have a Rails 4.2.6 application running. In some of my pages, I use iframe to put Google Map Embedded api to show maps of some locations. My whole website is https secured using letsencrypt. However the pages that use google map api always get a…
joshhu
  • 23
  • 8