incorrect hsts handling with http
Bug #1130395 reported by
Kevin Fenzi
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Midori Web Browser |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
Midori doesn't seem to behave right handling HSTS sites.
Go to:
http://
This will have:
Strict-
header.
However, since it's over http, it SHOULD NOT honor it.
See:
http://
section 8.1
Instead it does honor it and loads the https site.
Gtklauncher, arora and epiphany all show the http site, so this looks like a bug in midori and not webkitgtk.
Revision history for this message
| Kevin Fenzi (kevin-launchpad) wrote | #1 |
| Changed in midori: | |
| status: | New → Incomplete |
| summary: |
- incorrect hsts handling + incorrect hsts handling with http |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in midori: | |
| status: | Incomplete → Expired |
Revision history for this message
| Kevin Fenzi (kevin-launchpad) wrote | #4 |
To post a comment you must log in.
To clarify, it MUST NOT honor the header. (not a SHOULD NOT, but a MUST NOT).