Join GitHub today
net/http: http.Transport: support HSTS (Strict-Transport-Security) #10697
It doesn't seem that net/http's http.Transport supports HSTS (HTTP Strict-Transport-Security, http://tools.ietf.org/html/rfc6797). Is it something we could add?
Initially, I'm thinking just the http->https upgrade bit and not certificate pins. Also, just dynamic mode and not static configuration like Chromium has.
This doesn't seem relevant to the
Plus, any HSTS state should usually persist longer than the lifetime of a given Go process, so it necessarily involves writing state somewhere, which is outside the scope of the
Tentatively closing this bug, unless I'm convinced otherwise.
/cc @agl for opinions, if any.