Do you have legacy contents and apps that call resources from HTTP?
When your secured (i.e., HTTPS) webpage or application tries to load assets from insecure source, chrome and other browsers display this security warning message.
An obvious solution would be for you to fix your webpage or application so that requests to insecure connection is not made.
However, you might be in a situation where you can’t fix your page or application right away.
The upgrade-insecure-requests CSP directive comes very handy if you are in such a situation. The upgrade-insecure-requests upgrades the request to be secure and forces it over the HTTPS scheme.
Don’t get confused. This will not allow your webpage or application to make a successful request to insecure assets.
What is does it that it enforces secure connection and gets rid of the warning message on your browser.
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
Categorized in: Web Development
This post was written by hackya