... It is not always appropriate to let any HTTP resource which can set a header "speak for" the entire origin.
-
-
@BRIAN_____@mnot I mean in browsers, if I push a /.well-known URL, will browser give it special treatment a-la header parsing? -
@hillbrad@BRIAN_____@mnot No, not aware of any browser or feature that does this or relies on it.
End of conversation
New conversation -
-
-
@BRIAN_____@mnot imagine I wanted to do HPKP with .well-known, but don't want browser to do favicon style polling... -
-
@BRIAN_____@mnot nobody wants that. One alternative could be to push a policy statement in HTTPS stream or JS w/"stapled" DNSSEC authority - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.