Re: HSTS Priming, continued. from Anne van Kesteren on 2015-11-12 (public-webappsec@w3.org from November 2015)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 12 Nov 2015 10:11:10 +0100
To: David Illsley <davidillsley@gmail.com>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CADnb78hVMQjqekQ5tS-pa71f6bEYZNzLvBoQK4nkWJdFAfeUJg@mail.gmail.com>

On Wed, Nov 11, 2015 at 9:05 PM, David Illsley <davidillsley@gmail.com> wrote:
> While HEAD requests to / could be special-cased to be processed, but not
> actually persisted, it seems like a pretty messy set of logic.

You missed the part where the HSTS preflight will be done over HTTPS.


-- 
https://annevankesteren.nl/

Received on Thursday, 12 November 2015 09:11:38 UTC