Re: [MIX] Interaction between HSTS and mixed content blocking

On Wed, Nov 19, 2014 at 10:07 PM, Brian Smith <> wrote:
> The mixed content document should specify how http:// links for HSTS
> origins work: does the blocking happen before or after the internal
> redirect?

Per it is after per suggestions from
HSTS' Jeff. This does not quite align with implementations. It's also
a bit unclear whether this is best, since it depends on which HSTS
domains you visited what the results will be. Perhaps we should make a
same-origin restriction here.


Received on Wednesday, 19 November 2014 21:22:32 UTC