|
|
|
|
|
|
by just2n
4823 days ago
|
|
|
That only works if the user makes an https request first. Say the URL is: https://mybank.com, but I go to http://mybank.com, and I haven't been there yet, so the STS rule isn't in my browser. How can a user reliably be switched to https without risk of having the connection hijacked by someone injecting code to the user? |
|
|