On 4 Dec 2017, at 20:44, Daniel Jalkut <jal...@red-sweater.com> wrote:
> What else would explain this? There’s two common reasons for this: A. A cached HTTP-to-HTTPS redirect B. HSTS <https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security> I think you’ve ruled out A, so the most likely cause is B. And there’s two parts to that: B.1. Some sites are on the HSTS preload list. <https://hstspreload.org> B.2. For those not on the list, if the client ever sees the HSTS header it can cache that knowledge outside of the standard `NSURLCache`. I suspect B.2. is what’s going on here. That is, the HSTS entry has rewritten your HTTP URL to HTTPS before it hits the wire, and thus it’s never blocked by ATS. Share and Enjoy -- Quinn "The Eskimo!" <http://www.apple.com/developer/> Apple Developer Relations, Developer Technical Support, Core OS/Hardware _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com This email sent to arch...@mail-archive.com
