diff options
| author | trav90 <travawine@palemoon.org> | 2018-06-05 22:23:30 -0500 |
|---|---|---|
| committer | trav90 <travawine@palemoon.org> | 2018-06-05 22:23:30 -0500 |
| commit | a32e0cb8c787b42e78e6a2c977523eff866436ca (patch) | |
| tree | d4810f290453669a4c702f9a276a1046b906c5bd /security/manager/tools/genHPKPStaticPins.js | |
| parent | a421f38160599152cd409e4fabd434a224f78487 (diff) | |
| download | UXP-a32e0cb8c787b42e78e6a2c977523eff866436ca.tar UXP-a32e0cb8c787b42e78e6a2c977523eff866436ca.tar.gz UXP-a32e0cb8c787b42e78e6a2c977523eff866436ca.tar.lz UXP-a32e0cb8c787b42e78e6a2c977523eff866436ca.tar.xz UXP-a32e0cb8c787b42e78e6a2c977523eff866436ca.zip | |
Update HSTS preload list generation script
Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL.
New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list.
The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser.
Bonus: it keeps our HSTS preload list lean.
Diffstat (limited to 'security/manager/tools/genHPKPStaticPins.js')
0 files changed, 0 insertions, 0 deletions