Check if CSP upgrade-insecure-requests works well on hash collision
Issue description

Just a memo of a work item. When FrameLoader::UpgradeInsecureRequest() checks if it should upgrade the request, it matches the hash of host instead of the host itself. This may cause unintended http to https upgrade on the hash collision. Check if it may happen and if it matters.
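The failure mode described in the issue, as an added example that is not part of the original report and is not Chromium code: a set that remembers only host hashes is compared with one that remembers the host strings. `HostHash`, both set types and the `h<N>.example` names are hypothetical, and the hash is a 20-bit stand-in chosen so that a collision is found quickly.

```cpp
// Added illustration; every name and the hash are hypothetical, not Chromium code.
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_map>
#include <unordered_set>

// Stand-in host hash (assumption): FNV-1a folded down to 20 bits.
// The issue does not say which hash function or width is used.
constexpr uint32_t kHashBits = 20;
uint32_t HostHash(const std::string& host) {
  uint32_t h = 2166136261u;
  for (unsigned char c : host) { h ^= c; h *= 16777619u; }
  return (h >> kHashBits) ^ (h & ((1u << kHashBits) - 1));
}

// Pattern from the issue: remember only the hash of each host to upgrade.
struct HashedUpgradeSet {
  std::unordered_set<uint32_t> hashes;
  void Add(const std::string& host) { hashes.insert(HostHash(host)); }
  bool ShouldUpgrade(const std::string& host) const { return hashes.count(HostHash(host)) != 0; }
};

// Comparison point: remember the host string itself.
struct ExactUpgradeSet {
  std::unordered_set<std::string> hosts;
  void Add(const std::string& host) { hosts.insert(host); }
  bool ShouldUpgrade(const std::string& host) const { return hosts.count(host) != 0; }
};

// Walks constructed names h0.example, h1.example, ... until two share a hash.
// By pigeonhole the walk ends within 2^kHashBits + 1 names.
std::pair<std::string, std::string> FindCollidingHosts() {
  std::unordered_map<uint32_t, std::string> seen;
  for (uint32_t i = 0;; ++i) {
    std::string host = "h" + std::to_string(i) + ".example";
    auto r = seen.emplace(HostHash(host), host);
    if (!r.second) return {r.first->second, host};  // earlier host, new host
  }
}

int main() {
  auto p = FindCollidingHosts();
  HashedUpgradeSet hashed; ExactUpgradeSet exact;
  hashed.Add(p.first); exact.Add(p.first);  // only the first host is marked for upgrade
  std::printf("%s / %s: hashed=%d exact=%d\n", p.first.c_str(), p.second.c_str(),
              hashed.ShouldUpgrade(p.second), exact.ShouldUpgrade(p.second));
}
```

A wider hash makes the colliding pair rarer but does not remove it; only the exact-host comparison rules it out.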
Comment 1 by ksakamoto@chromium.org, Sep 27