Shlee
Shlee
Just take #19018 into consideration. :) As of that PR, 2/3 of the mastodon instances had 2 HSTS headers.
We need to just consider this carefully. As per my understanding of https://api.rubyonrails.org/v5.2.8.1/classes/ActionDispatch/SSL.html `To turn off HSTS, omitting the header is not enough. Browsers will remember the original HSTS directive...
other worse reporting queries are not as bad. 
I was looking into a more obvious design  but I really like the one above. by @mirisuzanne
@BenLubar is the actual rotate broken? or did you just think it was?
Yeah, I assume the third party instance won't try to update the toot path.
Dupe of a dupe of a dupe. We get it but unless you are a cryptographer with knowledge of Ruby and Mobile dev, and can assist to get this implemented?...
@DalinSeivewright did you solve this?
I've been experiencing this and it's gotten worse recently. Firefox is my primary browser, but I've moved to chrome for mastodon only because the advanced view just locks up on...
lol. Apparently I asked for this in #12261 in 2019.