I *thought* that was the case (no automated removals unless you get a response over HTTPS). The code is a bit hard to read.
Somebody should probably manually review the removals due to lack of connectivity, at least.
-
-
-
@aprilmpls Does https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/getHSTSPreloadList.js … have a design doc documenting the policy it expresses? -
The intended behavior is documented at https://wiki.mozilla.org/SecurityEngineering/HTTP_Strict_Transport_Security_(HSTS)_Preload_List … (as we've discovered, there seems to be a bug with IPv6-only sites)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.