Re: [MIX] HSTS, SW and mixed-content

On Tue, Jan 27, 2015 at 4:08 PM, Mike West <mkwst@google.com> wrote:
> On Tue, Jan 27, 2015 at 3:49 PM, Yves Lafon <ylafon@w3.org> wrote:
>> Is the characterization of the potentially secure/a priori insecure URLs
>> done before or after applying HSTS URL rewriting?
>
> HSTS happens after mixed content checking. We've had a number of threads on
> this, and there are reasonable arguments on both sides, but this is, I
> think, where we've come down pretty solidly.

Note that the editor of HSTS preferred it the other way around, but
given that HSTS depends on a cache I think I've come around. File a
bug on Fetch to reorder them? Or are we going to wait until everything
is written in terms of Fetch?


-- 
https://annevankesteren.nl/

Received on Tuesday, 27 January 2015 15:23:18 UTC
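
The two orderings discussed in this message, modelled as an added example (not part of the original e-mail, and not the Fetch or Mixed Content specification algorithms). The function names, hostnames and cache contents are constructed for illustration; the model treats every `http:` subresource of an `https:` document as blocked.

```javascript
// Simplified model for illustration; not the Fetch or Mixed Content spec algorithms.
// Hostnames and the cache contents are constructed sample values.

// Mixed content check: a secure document requesting an a priori insecure URL.
function isMixedContent(documentUrl, requestUrl) {
  return new URL(documentUrl).protocol === "https:" &&
         new URL(requestUrl).protocol === "http:";
}

// HSTS rewrite: upgrade http: to https: only if the host is in the local HSTS cache.
function applyHsts(requestUrl, hstsCache) {
  const url = new URL(requestUrl);
  if (url.protocol === "http:" && hstsCache.has(url.hostname)) {
    url.protocol = "https:";
  }
  return url.href;
}

// order is "mix-then-hsts" (the ordering stated in the thread) or "hsts-then-mix".
function fetchDecision(documentUrl, requestUrl, hstsCache, order) {
  if (order === "mix-then-hsts") {
    if (isMixedContent(documentUrl, requestUrl)) {
      return { blocked: true, url: requestUrl };
    }
    return { blocked: false, url: applyHsts(requestUrl, hstsCache) };
  }
  const upgraded = applyHsts(requestUrl, hstsCache);
  return { blocked: isMixedContent(documentUrl, upgraded), url: upgraded };
}

const PAGE = "https://shop.example/checkout";
const SUBRESOURCE = "http://cdn.example/lib.js";

// Run both orderings against a cold cache (first visit) and a warm cache.
function compareOrders() {
  const caches = { cold: new Set(), warm: new Set(["cdn.example"]) };
  const rows = [];
  for (const order of ["mix-then-hsts", "hsts-then-mix"]) {
    for (const [state, cache] of Object.entries(caches)) {
      const { blocked, url } = fetchDecision(PAGE, SUBRESOURCE, cache, order);
      rows.push({ order, cache: state, blocked, url });
    }
  }
  return rows;
}

console.table(compareOrders());
```

With the mixed content check first, the decision is the same for a cold and a warm HSTS cache; with HSTS applied first, the same page blocks or loads the subresource depending on what the client happens to have cached.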