On 2012-01-14 01:24, =JeffH wrote:
In terms of this question of whether the STS header field directive ABNF
should be..
1) directive = token [ "=" ( token | quoted-string ) ]
..or..
2) directive = token [ "=" token ]
..I can see both sides of the argument.
However, I've been thinking about it
Interesting.
But I don't see how subdomains help. If I have a website called
charcount-5.example.com, and I use a wildcard *.example.com certificate, the
HSTS entry is still written for charcount-5.example.com. Adding subdomains
would affect *.charcount-5.example.com, not 0-H.example.com.
I
Why not just postMessage of the HTML form element? If you want to be
more sneaky about it, you can just use the HTTP cache. Anyway, web sites
are allowed to send messages to each other.
Adam
On Sat, Jan 14, 2012 at 6:52 PM, websec issue tracker
trac+web...@trac.tools.ietf.org wrote:
#34: HSTS cache