I have two extra suggestions for added security benefits:
1. In order to ensure that clients that support CSP will never attempt
to contact the HTTP version of the site for fetching any subresources
that may still point to http:, please make sure to serve the
|Content-Security-Policy: upgrade-inse
Thank you for tracking this down and submitting patches to fix
-Werror=sign-compare problems.
For the record, this thread is a clear example of where the lack of a
compiler warning/error led to a crash. In some contexts, I imagine this
compiler warning could lead to a security vulnerability. And s
2 matches
Mail list logo
