Chris KD
2018-09-17 09:51:51 UTC
Hi team,
As per *google_chrome_privacy, ''**Chrome will make a
cookieless request to http://www.gstatic.com/generate_204 and check the
response code. If that request is redirected, Chrome will open the redirect
target in a new tab on the assumption that it's a login page''.*
*However, as per **https://www.chromium.org/hsts ---- ''*An HSTS enabled
server can include the following header in an HTTPS reply:
Strict-Transport-Security: max-age=16070400; includeSubDomains
When the browser sees this, it will remember, for the given number of
seconds, that the current domain should only be contacted over HTTPS. In
the future, if the user types http:// or omits the scheme, HTTPS is the
default. In fact, all requests for URLs in the current domain will be
redirected to HTTPS.''
*Question is,* if there is a ''h*ttp://www.gstatic.com/generate_204'' URL
generated by Chrome and if there is a cookie for an HTTPS site that i'm
trying to access, would HSTS get triggered ?*
*Regards, *
*Chris*
As per *google_chrome_privacy, ''**Chrome will make a
cookieless request to http://www.gstatic.com/generate_204 and check the
response code. If that request is redirected, Chrome will open the redirect
target in a new tab on the assumption that it's a login page''.*
*However, as per **https://www.chromium.org/hsts ---- ''*An HSTS enabled
server can include the following header in an HTTPS reply:
Strict-Transport-Security: max-age=16070400; includeSubDomains
When the browser sees this, it will remember, for the given number of
seconds, that the current domain should only be contacted over HTTPS. In
the future, if the user types http:// or omits the scheme, HTTPS is the
default. In fact, all requests for URLs in the current domain will be
redirected to HTTPS.''
*Question is,* if there is a ''h*ttp://www.gstatic.com/generate_204'' URL
generated by Chrome and if there is a cookie for an HTTPS site that i'm
trying to access, would HSTS get triggered ?*
*Regards, *
*Chris*
--
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.