From 4e7c3c12d32ad3e8d939dfd2fcd7fca84d42cd9c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 31 May 2015 00:39:19 +0200 Subject: [PATCH] 5.6 Refuse "downgrade" redirects --- docs/TODO | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/TODO b/docs/TODO index 0ffa8df81..7791ea291 100644 --- a/docs/TODO +++ b/docs/TODO @@ -49,6 +49,7 @@ 5.3 Rearrange request header order 5.4 SPDY 5.5 auth= in URLs + 5.6 Refuse "downgrade" redirects 6. TELNET 6.1 ditch stdin @@ -348,6 +349,14 @@ This is not detailed in any FTP specification. Additionally this should be implemented for proxy base URLs as well. +5.6 Refuse "downgrade" redirects + + See https://github.com/bagder/curl/issues/226 + + Consider a way to tell curl to refuse to "downgrade" protocol with a redirect + and/or possibly a bit that refuses redirect to change protocol completely. + + 6. TELNET 6.1 ditch stdin -- 2.40.0
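Review bot: In the second hunk, the new 5.6 entry never says what counts as a "downgrade", so a reader has to follow the issue link to learn which redirects it means. Define the term in the entry itself with one concrete case (for example a redirect from an encrypted scheme to a cleartext one, if that is the intent), and add a sentence on why refusing it matters. The sentence joined by "and/or possibly a bit that refuses redirect to change protocol completely" also folds two separate proposals together: refusing only downgrades, and refusing any protocol change on redirect. Splitting these into two sentences, and saying whether each would be opt-in or default behaviour, would make the TODO item actionable without the external reference.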