[Webkit-unassigned] [Bug 157885] New: CSP: Account for HSTS when deciding whether to send the 'Upgrade-Insecure-Requests' Header
bugzilla-daemon at webkit.org
Wed May 18 23:33:47 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=157885
Bug ID: 157885
Summary: CSP: Account for HSTS when deciding whether to send the 'Upgrade-Insecure-Requests' Header
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: bfulgham at webkit.org
The 'Upgrade-Insecure-Requests' specification <https://w3c.github.io/webappsec/specs/upgrade/> suggests an optimization to sending the header, limiting it to sites that are not known canonical HSTS targets.
We should implement this check and avoid adding the header when it is not needed.
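A sketch of the check the report asks for, added here as an illustration; it is not WebKit code and not part of the original message. HSTSStore, HSTSEntry and shouldSendUpgradeInsecureRequests are hypothetical names, "known HSTS target" is read as a Known HSTS Host in the RFC 6797 section 8.2 sense, and the host is assumed to be an already canonicalized lowercase DNS name.

```cpp
#include <chrono>
#include <map>
#include <string>

using TimePoint = std::chrono::system_clock::time_point;

// Hypothetical in-memory HSTS store; not WebKit's data structures.
struct HSTSEntry {
    TimePoint expiry;
    bool includeSubDomains;
};

class HSTSStore {
public:
    void add(const std::string& host, std::chrono::seconds maxAge,
             bool includeSubDomains, TimePoint now) {
        m_entries[host] = { now + maxAge, includeSubDomains };
    }

    // RFC 6797 section 8.2: a host is a Known HSTS Host on a congruent match,
    // or on a superdomain match whose entry carries includeSubDomains.
    // Expired entries do not count.
    bool isKnownHSTSHost(std::string host, TimePoint now) const {
        bool exact = true;
        for (;;) {
            auto it = m_entries.find(host);
            if (it != m_entries.end() && it->second.expiry > now
                && (exact || it->second.includeSubDomains))
                return true;
            auto dot = host.find('.');
            if (dot == std::string::npos)
                return false;
            host.erase(0, dot + 1); // walk up to the parent domain
            exact = false;
        }
    }

private:
    std::map<std::string, HSTSEntry> m_entries;
};

// Policy from the report: skip the header when the target is already a
// known HSTS host, since its requests are upgraded to HTTPS anyway.
bool shouldSendUpgradeInsecureRequests(const HSTSStore& store,
                                       const std::string& host, TimePoint now) {
    return !store.isKnownHSTSHost(host, now);
}
```

Matching on whole labels keeps a host such as notexample.com from being treated as covered by an entry for example.com.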