I read something else in the RFC (section-11.4*)* that seemed like a
contraction to your references, but after re-reading it I believe the
Firefox for Linux Mint implementation is correct per the RFC though
problematic for my configuration. I still have a question as to why
Firefox for Windows
> It seems like the handling of HSTS is incorrect in Firefox on Linux Mint
> per RFC6797 11.4.1,
>
https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
> and when compared to Google Chrome. I don't have the includeSubDomains
> flag set in the Strict-Transport-S
It may be best to report it on bugzilla. That link should go to the
right component:
https://bugzilla.mozilla.org/enter_bug.cgi?assigned_to=nobody%40nss.bugs&bug_file_loc=http%3A%2F%2F&bug_ignored=0&bug_severity=normal&bug_status=NEW&component=Libraries&contenttypemethod=autodetect&contenttypesel
It seems like the handling of HSTS is incorrect in Firefox on Linux Mint
per RFC6797 11.4.1,
https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
and when compared to Google Chrome. I don't have the includeSubDomains
flag set in the Strict-Transport-Security HTT
4 matches
Mail list logo