- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Fri, 26 Sep 2014 17:38:50 -0700
- To: Anne van Kesteren <annevk@annevk.nl>, Mike West <mkwst@google.com>
- CC: WebAppSec WG <public-webappsec@w3.org>, Tanvi Vyas <tanvi@mozilla.com>
On 9/26/2014 5:24 AM, Anne van Kesteren wrote: > Perhaps Gecko's stance that HSTS rewriting happens after Mixed Content > is correct. At least for non-same-origin HSTS. :-( Is it a "stance" or just how the code happened to work? The policy enforcement mechanism for content loading is undergoing changes in Gecko and unless this was a conscious design it might just start working the other way. Tanvi? -Dan Veditz
Received on Saturday, 27 September 2014 00:39:21 UTC