| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
This also removes leftover plumbing for storing preload information
in SiteSecurityService since no service still uses it.
|
| |
|
|
|
|
|
| |
Commented out spewing dump() statements in loops. With the ever growing
HSTS list it takes too much time and is pointless to display.
|
|
|
|
|
|
|
|
|
| |
- Use HEAD instead of GET for probe to avoid loading pages
- Reduce retries to 2
- Reduce timeout to 10 s (since we're just getting a HEAD this is royal)
- Identify ourselves to websites as an automated tool
- Improve performance of list merging (O(n^2) was getting too expensive)
- Add a total counter and perform GC every 200 requests
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Previous behavior: if an entry was in the previously-used list, and there would be an error connecting to or processing the host, it would adopt it using the previous status, with a new minimum required max age TTL.
New behavior: if an entry is in the previously-used list, and there is an error connecting to or processing the host, it will be dropped from the preload list.
The old behavior would allow entries to persist on the HSTS preload list when they drop off the 'net. Considering domain churn, it would cause issues for new owners for having a persisted HSTS entry preloaded in the browser.
Bonus: it keeps our HSTS preload list lean.
|
|
|