+sleevi On Fri, Sep 26, 2014 at 2:24 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Fri, Sep 26, 2014 at 2:15 PM, Mike West <mkwst@google.com> wrote: > > Yes, I think that's true. > > Perhaps Gecko's stance that HSTS rewriting happens after Mixed Content > is correct. At least for non-same-origin HSTS. :-( > That's how Chrome implements it, actually. Ryan, et al, are dead-set against moving HSTS before mixed content checking, as he claims (correctly) that HSTS only protects those browsers that support it. If we don't throw errors, we're throwing Safari and IE users under a bus. -mikeReceived on Friday, 26 September 2014 12:27:42 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC