XMPP Council - 2022-02-24


  1. moparisthebest

    damn I have more security considerations to add to '156: "when following HTTP redirects make sure they are all 'https' and never 'http'" :'(

  2. moparisthebest

    actually, rip the language directly from POSH: > A web server at the source domain might redirect an HTTPS request to another HTTPS URI. The location provided in the redirect response MUST specify an HTTPS URI.