[Webkit-unassigned] [Bug 210739] [SOUP] Downgrade requests upgraded by HSTS when cookies will be blocked by ITP
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 23 07:35:21 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=210739
--- Comment #12 from Michael Catanzaro <mcatanzaro at gnome.org> ---
That is: the UIR header always wins, since, if used, it eliminates the potential for HSTS abuse. We don't want to wind up downgrading those requests to HTTP even if they would otherwise be downgraded by HSTS Mitigation 2.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200423/58bf94d3/attachment.htm>
More information about the webkit-unassigned
mailing list