- From: John Wilander <notifications@github.com>
- Date: Tue, 19 May 2020 06:52:13 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 19 May 2020 13:52:25 UTC
> @johnwilander thanks, and now that you block cross-site cookies, does that mean no cross-site fetch will have HSTS upgrading? Do you do anything special for HSTS preloads? The logic is still that of cookies are blocked for a cross-site load, then (dynamic) HSTS is ignored. Since all cross-site cookies are blocked by default, so is cross-site (dynamic) HSTS. I write dynamic HSTS above since the preload list is always respected. Preloaded HSTS cannot be used for setting a super cookie. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/920#issuecomment-630832987
Received on Tuesday, 19 May 2020 13:52:25 UTC