- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 21 Oct 2021 10:44:22 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 21 October 2021 17:44:34 UTC
@annevk commented on this pull request.
> @@ -3873,11 +3884,16 @@ steps:
<li>Matching <var>request</var>'s <a for=request>current URL</a>'s <a for=url>host</a> per
<a href=https://datatracker.ietf.org/doc/html/rfc6797#section-8.2>Known HSTS Host Domain Name Matching</a>
results in either a superdomain match with an asserted <code>includeSubDomains</code> directive
- or a congruent match (with or without an asserted <code>includeSubDomains</code> directive).
- [[!HSTS]]
+ or a congruent match (with or without an asserted <code>includeSubDomains</code> directive) or
+ DNS resolution for the request finds a matching HTTPS RR per
+ <a href=https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https#section-8.5>HTTP Strict Transport Security</a>.
+ [[!HSTS]][[!SVCB]]
Yeah, I think you're right.
Perhaps I'm misremembering what needs to be special cased. It might be around CORS. That the redirect has to accept CORS in some fashion as otherwise things would fail before you actually get to the actual request.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1325#discussion_r733913608
Received on Thursday, 21 October 2021 17:44:34 UTC