From 3e2354cb535374d6f49f150b4346aee875bad851 Mon Sep 17 00:00:00 2001 From: Mark Nottingham Date: Tue, 8 May 2018 09:25:54 +1000 Subject: [PATCH] mention HSTS Fixes #613 --- draft-ietf-httpbis-bcp56bis.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-httpbis-bcp56bis.md b/draft-ietf-httpbis-bcp56bis.md index a6a7a7ed8..48490aaa7 100644 --- a/draft-ietf-httpbis-bcp56bis.md +++ b/draft-ietf-httpbis-bcp56bis.md @@ -382,7 +382,7 @@ caveats to keep in mind: * Features that rely upon the URL's origin {{?RFC6454}}, such as the Web's same-origin policy, will be impacted by a change of scheme. -* HTTP-specific features such as cookies {{?RFC6265}}, authentication {{?RFC7235}}, caching {{?RFC7234}}, and CORS {{FETCH}} might or might not work correctly, depending on how they are defined and implemented. Generally, they are designed and implemented with an assumption that the URL will always be "http" or "https". +* HTTP-specific features such as cookies {{?RFC6265}}, authentication {{?RFC7235}}, caching {{?RFC7234}}, HSTS {{?RFC6797}}, and CORS {{FETCH}} might or might not work correctly, depending on how they are defined and implemented. Generally, they are designed and implemented with an assumption that the URL will always be "http" or "https". * Web features that require a secure context {{?SECCTXT=W3C.CR-secure-contexts-20160915}} will likely treat a new scheme as insecure.
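Review bot: In the rewritten bullet of the `@@ -382,7 +382,7 @@` hunk, HSTS {{?RFC6797}} is slotted between caching and CORS under the shared caveat "might or might not work correctly", which does not tell the reader what is at stake for HSTS specifically. For cookies or caching the likely failure is functional, but for HSTS it is a security property that may not be applied, with nothing visibly breaking. Consider adding a clause or a follow-on sentence stating that an application defining a new scheme cannot assume an HSTS policy will be honoured for it and needs to specify its own requirement for secure transport. The next bullet already names its consequence ("will likely treat a new scheme as insecure"), and the same level of specificity would fit here. The `{{?RFC6797}}` informative-reference form is consistent with the neighbouring citations.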