W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2015

Re: HSTS Priming, continued.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 12 Nov 2015 10:11:10 +0100
Message-ID: <CADnb78hVMQjqekQ5tS-pa71f6bEYZNzLvBoQK4nkWJdFAfeUJg@mail.gmail.com>
To: David Illsley <davidillsley@gmail.com>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Nov 11, 2015 at 9:05 PM, David Illsley <davidillsley@gmail.com> wrote:
> While HEAD requests to / could be special-cased to be processed, but not
> actually persisted, it seems like a pretty messy set of logic.

You missed the part where the HSTS preflight will be done over HTTPS.


-- 
https://annevankesteren.nl/
Received on Thursday, 12 November 2015 09:11:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:16 UTC