Skip to content
Permalink
Browse files

Apply HSTS to WebSocket

  • Loading branch information...
annevk committed Sep 17, 2015
1 parent a55d6e6 commit 8b46c205cc2b54bb4d57bd7ad12baf9492e40edd
Showing with 18 additions and 0 deletions.
  1. +18 −0 source
18 source
<p>The following terms are defined in the WHATWG URL standard: <ref spec=URL></p>

<ul class="brief">
<li><dfn data-noexport="" data-x="concept-domain" data-x-href="https://url.spec.whatwg.org/#concept-domain">domain</dfn>
<li><dfn data-noexport="">URL</dfn>
<li><dfn data-noexport="" data-x="concept-url-origin" data-x-href="https://url.spec.whatwg.org/#concept-url-origin">Origin</dfn> of URLs
<li><dfn data-noexport="">Absolute URL</dfn>
settings object</span> has a scheme component that is itself a secure protocol, e.g. HTTPS, then
throw a <code>SecurityError</code> exception and abort these steps.</p></li>

<li>
<p>If <var>secure</var> is false, <var>host</var> is a <span
data-x="concept-domain">domain</span>, and matching <var>host</var> per <a
href="https://tools.ietf.org/html/rfc6797#section-8.2">Known HSTS Host Domain Name Matching</a>
results in either a superdomain match with an asserted <code data-x="">includeSubDomains</code>
directive or a congruent match (with or without an asserted <code
data-x="">includeSubDomains</code> directive), then run these substeps: <ref spec=HSTS></p>

<ol>
<li><p>Set <var>secure</var> to true.</p></li>

<li><p>If <var>port</var> is 80, set <var>port</var> to 443.</p></li>
</ol>

<li>

<p>If <var>port</var> is a port to which the user agent is configured to block access, then
<dd><cite><a href="https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/HighResolutionTime/Overview.html">High Resolution Time</a></cite>, J. Mann. W3C.</dd>
<!-- or http://www.w3.org/TR/hr-time/ ? it's highly unclear what URL is the one that would have the latest changes -->

<dt id="refsHSTS">[HSTS]</dt>
<dd><cite><a href="https://tools.ietf.org/html/rfc6797">HSTS</a></cite>, J. Hodges, C. Jackson, A. Barth. IETF.</dd>

<dt id="refsHTML">[HTML]</dt>
<dd><cite><a href="https://html.spec.whatwg.org/">HTML</a></cite>, I. Hickson. WHATWG.</dd>

0 comments on commit 8b46c20

Please sign in to comment.
You can’t perform that action at this time.