https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
Tyler Romeo <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #9 from Tyler Romeo <[email protected]> --- Note that you can disable HSTS at any point by sending the header with an expiry that already expired (similar to how it's done with cookies). This is what Extension:SecureSessions does to implement HSTS in MediaWiki, and as long as Squid/Varnish allows MediaWiki to override the HSTS header it sends somehow, it should still be possible even with an HTML cache. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
