[Webkit-unassigned] [Bug 210739] [SOUP] Downgrade requests upgraded by HSTS when cookies will be blocked by ITP
bugzilla-daemon at webkit.org
Wed Apr 22 08:59:05 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=210739
--- Comment #6 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Michael Catanzaro from comment #2)
> The point is simply that prevalent domains should not have HSTS.
Well, one thing has changed: nowadays ITP blocks *all* third-party cookies. I guess this means HSTS should be disabled for all third-party resources?
Or does Safari still allow HSTS upgrades on non-prevalent third-party domains? We might investigate what Safari does. But it probably shouldn't, because that would be subject to the same issues discussed in https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/. (Note that ITP has since tightened "all third-party cookies blocked on websites without prior user interaction" to "all third-party cookies blocked without storage access API request.")