diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-05-30 12:47:56 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-30 12:47:56 +0200 |
commit | 9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed (patch) | |
tree | 7512b05f873bcfe8d0f79c34370d0bebad70a07f /modules | |
parent | 6e8846622a79549542adaca58d741d9263daf686 (diff) | |
parent | bd851735628cd6b07285e87fa60081e9d11a3b7e (diff) | |
download | UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.gz UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.lz UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.tar.xz UXP-9f6194d00034f0bd67d2b8c97fd26586d2a7a9ed.zip |
Merge pull request #412 from g4jc/hsts_priming_removal_backport
Remove support and tests for HSTS priming from the tree. Fixes #384
Diffstat (limited to 'modules')
-rw-r--r-- | modules/libpref/init/all.js | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 16ab85485..4fdc2676a 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -5437,23 +5437,6 @@ pref("media.block-autoplay-until-in-foreground", false); pref("layout.css.servo.enabled", true); #endif -// HSTS Priming -// If a request is mixed-content, send an HSTS priming request to attempt to -// see if it is available over HTTPS. -#ifdef RELEASE_OR_BETA -// Don't change the order of evaluation of mixed-content and HSTS upgrades in -// order to be most compatible with current standards -pref("security.mixed_content.send_hsts_priming", false); -pref("security.mixed_content.use_hsts", false); -#else -// Change the order of evaluation so HSTS upgrades happen before -// mixed-content blocking -pref("security.mixed_content.send_hsts_priming", true); -pref("security.mixed_content.use_hsts", true); -#endif -// Approximately 1 week default cache for HSTS priming failures -pref ("security.mixed_content.hsts_priming_cache_timeout", 10080); - // TODO: Bug 1380959: Block toplevel data: URI navigations // If true, all toplevel data: URI navigations will be blocked. // Please note that manually entering a data: URI in the |