[Webkit-unassigned] [Bug 199439] Force HSTS for sites that doesn't support HTTPS

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 8 04:33:24 PDT 2019


--- Comment #4 from Mykola Dekhtiarenko <Mykola_Dekhtiarenko at icloud.com> ---
I have checked responses and yes, origin returns "Strict-Transport-Security: max-age=31536000; includeSubDomains" header.

I've deleted website data and it haven't helped. To stop such behavior I should also delete HSTS.plist file but it works only until visiting original one.

If it's expected behavior is it any switch or extension with which it's possible to turn it off for testing purpose? And I should mention this again it behaves like that only in Safari, so, I just wonder why is it different?

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190708/22e8d616/attachment-0001.html>

More information about the webkit-unassigned mailing list