On Monday, August 31, 2020 11:56:43 PM CEST Daniel Stenberg via curl-library wrote: > Hi! > > HTTP Strict Transport Security (HSTS) is (simply put) a way for an HTTPS > server to say that the host name should not be accessed over HTTP, only > HTTPS - for a set number of seconds into the future. > > I've started to work on an implementation for curl and while doing so, I've > put down some ideas in the wiki on how to interface this from curl and > libcurl. I'm interested in feedback: > > https://github.com/curl/curl/wiki/HSTS
The proposed interface looks reasonable to me. One minor remark: Why is `--hsts .` going to be used to specify in-memory mode when `--alt-svc ""` is already being used to specify in-memory mode elsewhere? Kamil > (In a completely unscientific poll on twitter, 60% of the 559 persons who > answered said they'd like to see HSTS support added to curl: > https://twitter.com/bagder/status/1299357395357925376) ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
