Mark Nottingham

Results 399 comments of Mark Nottingham

https://www.cspvalidator.org/

Thor doesn't support HTTP/2. Right now this is pretty low-priority; REDbot focuses mostly on HTTP semantics, not the details of the on-the-wire implementation.

demo url: http://caclubindia.s3.amazonaws.com/static/styles_rp/bootstrap_edit.css

That URL seems to have used PKZIP; see https://github.com/madler/zlib/blob/50893291621658f355bc5b4d450a8d06a563053d/infback.c#L367 and https://github.com/madler/zlib/issues/82

Some caches (not many) don't reuse with uppercased max-age, so probably good to warn. See https://cache-tests.fyi/?id=freshness-max-age-case-insenstive&id=cc-resp-no-store-case-insensitive#

Also possibly in `_utils.py:parse_param()` (`k_norm = key.lower()`).

- [ ] #222 Subresource Integrity
- [ ] #153 HPKP
- [ ] #60 CSP
- [ ] #223 HSTS
- [ ] #224 CORS
- [ ] #225...

Have it working, roughed in like this: ![screen shot 2016-11-16 at 1 02 28 pm](https://cloud.githubusercontent.com/assets/74384/20334396/16fb870c-abfd-11e6-9670-e8f8698bcde1.png)

Open questions:

- [x] Get it into HAR, TXT output
- [ ] Make sure Notes are going to the right destination
- [ ] options line (e.g., response header...

I want to make sure it calls this out as an error in a good way.