]]>作者:ZE3kr
/p/hsts-preload-list/#comment-7735
Fri, 04 Dec 2015 11:04:49 +0000/?p=348035#comment-7735哈哈,缓存这个问题我也注意到了,你就直接在URL后面加“?” 然后加一段随机码,就是无缓存了(显然站长的缓存机制并不忽略query……
]]>作者:ghost
/p/hsts-preload-list/#comment-7734
Fri, 04 Dec 2015 10:49:10 +0000/?p=348035#comment-7734呃,提交一条评论就看见了,果然是缓存坑
Only whole domains can be submitted because the interaction of cookies, HSTS and user behaviour is complex and we believe that only accepting whole domains is simple enough to have clear security semantics and usually the correct choice for sites.
和
If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (not the page it redirects to).
(博主有空的话帮忙加个块引用标签,俺有点强迫症
]]>作者:ghost
/p/hsts-preload-list/#comment-7733
Fri, 04 Dec 2015 10:44:30 +0000/?p=348035#comment-7733又一次缓存毁一生……收到邮件看不到人*2
没记错的话要求是一级域名也带HSTS响应,响应包含includeSubDomains和preload。早就加入了来着…
]]>作者:Null
/p/hsts-preload-list/#comment-7732
Fri, 04 Dec 2015 09:53:42 +0000/?p=348035#comment-7732咦,哪里写的需要 wildcard 证书?
]]>