Hi, I enabled HSTS for https://nghttp2.org a while back. Few days ago, I enabled Alt-Svc at http://nghttp2.org with h2="nghttp2.org:443". OE works fine with Firefox Nightly and so far so good. Then I got a comment[1] from twitter that "if there is HSTS, all requests should be https to start with, so no Alt-Svc." The comment is understandable when considering the effect of HSTS, but should Alt-Svc really be avoided in this case? If HSTS is used, we probably should do automatic redirect to https from http, so this scenario is not a real use case. [1] https://mobile.twitter.com/ericlaw/statuses/582217188062298113 Best regards, Tatsuhiro TsujikawaReceived on Monday, 30 March 2015 00:57:29 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC