W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: Redirects and HSTS

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sat, 27 Sep 2014 08:37:47 +0200
Message-ID: <CADnb78jUh+Vd2CynGOzBNbuTqAGwfAd4M6dFJkmNt4x7cDTisA@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: Mike West <mkwst@google.com>, WebAppSec WG <public-webappsec@w3.org>, Tanvi Vyas <tanvi@mozilla.com>
On Sat, Sep 27, 2014 at 2:38 AM, Daniel Veditz <dveditz@mozilla.com> wrote:
> Is it a "stance" or just how the code happened to work? The policy
> enforcement mechanism for content loading is undergoing changes in Gecko
> and unless this was a conscious design it might just start working the
> other way.

There's https://bugzilla.mozilla.org/show_bug.cgi?id=838395#c5 on
file. https://fetch.spec.whatwg.org/ currently requires HSTS before
Mixed Content, but we could flip it around.

Received on Saturday, 27 September 2014 06:38:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:40 UTC