Modify the checks for upgrade-request algorithm (#35357)

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
This commit is contained in:
Shubham Gupta 2025-02-07 21:15:06 +08:00 committed by GitHub
parent 3c1cce825d
commit 2bb720f0f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 9 deletions

View file

@ -921,13 +921,10 @@ fn should_upgrade_request_to_potentially_trustworty(
// requests header list if any of the following criteria are met:
// * requests URL is not a potentially trustworthy URL
// * requests URL's host is not a preloadable HSTS host
if !request.current_url().is_origin_trustworthy() ||
!context
.state
.hsts_list
.read()
.unwrap()
.is_host_secure(request.current_url().host_str().unwrap())
if !request.current_url().is_potentially_trustworthy() ||
!request.current_url().host_str().is_some_and(|host| {
!context.state.hsts_list.read().unwrap().is_host_secure(host)
})
{
debug!("Appending the Upgrade-Insecure-Requests header to requests header list");
request