Skip localhost when evaluating HSTS upgrades

Fixes #1780.
whatwg · Nov 5, 2024 · bdb452e · bdb452e
1 parent 1dc1b03
commit bdb452e
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -4509,6 +4509,8 @@ steps:
    "<code>http</code>"
    <li><var>request</var>'s <a for=request>current URL</a>'s <a for=url>host</a> is a
    <a for=/>domain</a>
+   <li><var>request</var>'s <a for=request>current URL</a>'s <a for=url>host</a>'s
+   <a for=host>public suffix</a> is not "<code>localhost</code>" or "<code>localhost.</code>"
    <li>Matching <var>request</var>'s <a for=request>current URL</a>'s <a for=url>host</a> per
    <a href=https://www.rfc-editor.org/rfc/rfc6797.html#section-8.2>Known HSTS Host Domain Name Matching</a>
    results in either a superdomain match with an asserted <code>includeSubDomains</code> directive