Upgrade to https links (#295)

* Links updated and tested * Fixed broken link * Fixes #294
ryandel8834 · Feb 18, 2018 · e411f4e · e411f4e
1 parent 6f49f01
commit e411f4e
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/index.src.html b/index.src.html
@@ -128,7 +128,7 @@ <h1>Content Security Policy Level 3</h1>
     text: group
     text: queue report; url: queue-report
 
-spec: SHA2; urlPrefix: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
+spec: SHA2; urlPrefix: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
   type: dfn
     text: SHA-256; url: #
     text: SHA-384; url: #
@@ -154,7 +154,7 @@ <h1>Content Security Policy Level 3</h1>
     "publisher": "ECMA"
   },
   "SHA2": {
-    "href": "http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
+    "href": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
     "title": "FIPS PUB 180-4, Secure Hash Standard"
   },
   "REPORTING": {
@@ -163,7 +163,7 @@ <h1>Content Security Policy Level 3</h1>
     "authors": [ "Ilya Gregorik", "Mike West" ]
   },
   "TIMING": {
-      "href": "http://www.contextis.com/documents/2/Browser_Timing_Attacks.pdf",
+      "href": "https://www.contextis.com/media/downloads/Pixel_Perfect_Timing_Attacks_with_HTML5_Whitepaper.pdf",
       "title": "Pixel Perfect Timing Attacks with HTML5",
       "authors": [ "Paul Stone" ],
       "publisher": "Context Information Security"
@@ -4200,7 +4200,7 @@ <h3 id="source-list-paths-and-redirects">Paths and Redirects</h3>
 
   To avoid leaking path information cross-origin (as discussed
   in Egor Homakov's
-  <a href="http://homakov.blogspot.de/2014/01/using-content-security-policy-for-evil.html">Using Content-Security-Policy for Evil</a>),
+  <a href="https://homakov.blogspot.de/2014/01/using-content-security-policy-for-evil.html">Using Content-Security-Policy for Evil</a>),
   the matching algorithm ignores the path component of a source
   expression if the resource being loaded is the result of a
   redirect. For example, given a page with an active policy of
@@ -4222,7 +4222,7 @@ <h3 id="source-list-paths-and-redirects">Paths and Redirects</h3>
   necessary compromise to avoid brute-forced information leaks of this type.
 
   The relatively long thread
-  <a href="http://lists.w3.org/Archives/Public/public-webappsec/2014Feb/0036.html">"Remove paths from CSP?"</a>
+  <a href="https://lists.w3.org/Archives/Public/public-webappsec/2014Feb/0036.html">"Remove paths from CSP?"</a>
   from public-webappsec@w3.org has more detailed discussion around alternate proposals.
 
   <h3 id="security-secure-upgrades">Secure Upgrades</h3>