On 2012-01-16 03:50, =JeffH wrote:
... though, I remain curious as to why the STS parsing in Firefox & Chrome is apparently each a one-off and doesn't use the more generic HTTP header-field parsing routines that are available and which appear to handle quoted-string, arbitrary header field parameter ordering, etc. ...
Well. One reason for that is that STS is indeed different from other header fields (for instance, things like Content-Type, Expect, or Cache-Control).
To enable UAs to re-use code, you need to specify the header field so that code can indeed be re-used.
Best regards, Julian _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
