- From: Anne van Kesteren <notifications@github.com>
- Date: Wed, 30 May 2018 09:05:54 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 30 May 2018 16:06:22 UTC
That is solved by HSTS and if you use HTTPS without that, you're very much susceptible to attacks already. And since we cannot over anything better than HSTS, I'm not convinced it's worth adding an additional check at this layer for that concern. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/687#issuecomment-393219288
Received on Wednesday, 30 May 2018 16:06:22 UTC