incorrect hsts handling with http
Bug #1130395 reported by
Kevin Fenzi
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Midori Web Browser |
Expired
|
Undecided
|
Unassigned |
Bug Description
Midori doesn't seem to behave right handling HSTS sites.
Go to:
http://
This will have:
Strict-
header.
However, since it's over http, it SHOULD NOT honor it.
See:
http://
section 8.1
Instead it does honor it and loads the https site.
Gtklauncher, arora and epiphany all show the http site, so this looks like a bug in midori and not webkitgtk.
Changed in midori: | |
status: | New → Incomplete |
summary: |
- incorrect hsts handling + incorrect hsts handling with http |
To post a comment you must log in.
To clarify, it MUST NOT honor the header. (not a SHOULD NOT, but a MUST NOT).