Re: [whatwg/fetch] Specify exception to redirect-tainting: Upgrade-Insecure-Requests (UIR) and HSTS scheme upgrades (Issue #1551) from Rob Wu on 2022-11-28 (public-webapps-github@w3.org from November 2022)

From: Rob Wu <notifications@github.com>
Date: Mon, 28 Nov 2022 02:56:39 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1551/1328881328@github.com>

> I need to check again, but I was under the impression that UIR and HSTS aren't redirects in the fetch spec and thus should not trigger redirect tainting. (So this would just be an implementation bug in Firefox)

I haven't tried HSTS, but UIR - see test case at https://bugzilla.mozilla.org/show_bug.cgi?id=1800990

But regardless of implementation, the current spec forces a tainted state when the origin changes, even if it is just a scheme change.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1551#issuecomment-1328881328
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1551/1328881328@github.com>

Received on Monday, 28 November 2022 10:56:52 UTC