Comment 5 for bug 1765834

Revision history for this message
Jeremy Stanley (fungi) wrote :

Is there a means of capturing the headers of a PUT request without an already compromised channel (hacked Swift infrastructure, compromised client system, man-in-the-middle HTTPS...)? Is this commonly deployed via plain, unsecured HTTP for example? If not, I'd be inclined to consider this a security hardening opportunity and continue working the bug in public rather than under embargo.