https://bugzilla.wikimedia.org/show_bug.cgi?id=38516
--- Comment #16 from dkee...@mozilla.com --- (In reply to comment #10) > Let's assume we need to turn off HSTS for a really great reason, like a > country > being blocked on HTTPS. How would those users get the expired header if they > can't reach the site? They wouldn't be able to. They would have to manually clear the cached HSTS information (in Firefox, users can do this by using "Clear Recent History -> Site Preferences"). (In reply to comment #15) > I meant in reference to comment 4, which mentioned that if somebody uses it > on > a shared computer then it will use TLS for practically ever. We could make it > so logging out causes HSTS to be disabled, although honestly it'd be better > if > we didn't now that I think about it... The weak point of HSTS is the first connection. By doing this, there would be many more first connections for things to go wrong. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
