Re: ATS fails for one subdomain, succeeds for another
Re: ATS fails for one subdomain, succeeds for another
- Subject: Re: ATS fails for one subdomain, succeeds for another
- From: "Quinn \"The Eskimo!\"" <email@hidden>
- Date: Tue, 05 Dec 2017 08:12:03 +0000
On 4 Dec 2017, at 20:44, Daniel Jalkut <email@hidden> wrote:
> What else would explain this?
There’s two common reasons for this:
A. A cached HTTP-to-HTTPS redirect
B. HSTS
<https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security>
I think you’ve ruled out A, so the most likely cause is B. And there’s two
parts to that:
B.1. Some sites are on the HSTS preload list.
<https://hstspreload.org>
B.2. For those not on the list, if the client ever sees the HSTS header it can
cache that knowledge outside of the standard `NSURLCache`.
I suspect B.2. is what’s going on here. That is, the HSTS entry has rewritten
your HTTP URL to HTTPS before it hits the wire, and thus it’s never blocked by
ATS.
Share and Enjoy
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden