- From: John Wilander <notifications@github.com>
- Date: Mon, 19 Aug 2019 06:32:12 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 19 August 2019 13:32:34 UTC
We actually don’t double-key HSTS. Instead, we 1) restrict setting HSTS to only the first party registrable domain and the first party exact domain, and 2) we don’t apply HSTS to third party requests to domains we are blocking cookies for. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/920#issuecomment-522576895
Received on Monday, 19 August 2019 13:32:34 UTC