Re: Redirects and HSTS from Anne van Kesteren on 2014-09-26 (public-webappsec@w3.org from September 2014)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 26 Sep 2014 22:09:58 +0200
To: Ryan Sleevi <sleevi@google.com>
Cc: Mike West <mkwst@google.com>, Tanvi Vyas <tanvi@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CADnb78g4jR2BVdjxM+J74S+KUP54h+BoDyrbMt2KW+2yxydNxA@mail.gmail.com>

On Fri, Sep 26, 2014 at 10:07 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> That does seem to cover it, although the first sentence makes it sound
> more difficult than it really is.

However, could this attack be avoided if we never applied HSTS to
resources loaded from a document on a different origin?

-- 
https://annevankesteren.nl/

Received on Friday, 26 September 2014 20:10:26 UTC