Intent to Deprecate and Remove: Expect-CT in Google Chrome #2666
Comments
This is a Cloudflare issue.
Thanks. The expect-ct header can be removed from this library by emailing Cloudflare support. I have switched my includes to using local build in lieu of cdnjs, so it's not an issue for me any longer.
bootstrap-datepicker should no longer include Expect-CT in response header.
https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/1.9.0/js/bootstrap-datepicker.min.js
Reproduction:
Save HTML as test.html and open in Chrome browser.
Result:
Response Headers include expect-ct:
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Intent to Deprecate and Remove: Expect-CT
https://groups.google.com/a/chromium.org/g/blink-dev/c/bGLVLwSKNJY/m/nbg4hWckAwAJ
"Expect-CT was designed to help transition to universal Certificate Transparency (CT) enforcement, by allowing high-value websites to opt in to CT enforcement/reporting for better security before CT enforcement was required (by Chrome) on all public websites. However, Expect-CT has now outlived its usefulness. Chrome requires CT on all public websites now, so there is no security value to Expect-CT anymore. Expect-CT was also designed to help site owners discover CT-related misconfigurations; however, now that CT is universally required, CT is generally configured in websites' certificates by certificate authorities and virtually never configured by individual site owners, thus Expect-CT has very limited value as a misconfiguration/debugging tool anymore either. No other browser has implemented Expect-CT so removing it is not an interoperability concern."
Deprecated: This feature is no longer recommended
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
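For checking whether a response still carries the header reported above, the following is an added example, not part of the original issue or of the bootstrap-datepicker or cdnjs code. It parses an Expect-CT value into its directives (max-age, enforce, report-uri, as defined in RFC 9163); the function names and the sample content-type header are assumptions made for the illustration.

```javascript
// Added example: locate and parse an Expect-CT response header so a stale policy can be flagged.
// Function names are hypothetical; directive names come from RFC 9163.

// Split on commas outside double quotes, because report-uri is a quoted string.
function splitDirectives(value) {
  const parts = [];
  let current = "";
  let inQuotes = false;
  for (const ch of value) {
    if (ch === '"') inQuotes = !inQuotes;
    if (ch === "," && !inQuotes) {
      parts.push(current);
      current = "";
    } else {
      current += ch;
    }
  }
  parts.push(current);
  return parts.map((p) => p.trim()).filter((p) => p.length > 0);
}

function parseExpectCT(value) {
  const policy = { maxAge: null, enforce: false, reportUri: null, unknown: [] };
  for (const directive of splitDirectives(value)) {
    const eq = directive.indexOf("=");
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    const raw = eq === -1 ? "" : directive.slice(eq + 1).trim();
    const arg = raw.replace(/^"(.*)"$/, "$1"); // strip surrounding quotes if present
    if (name === "max-age" && /^\d+$/.test(arg)) policy.maxAge = Number(arg);
    else if (name === "enforce") policy.enforce = true;
    else if (name === "report-uri") policy.reportUri = arg;
    else policy.unknown.push(directive); // malformed or unrecognised directive
  }
  return policy;
}

// headers is a plain object; header names are matched case-insensitively.
function findExpectCT(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === "expect-ct") return parseExpectCT(value);
  }
  return null; // header absent: nothing to clean up
}

// Constructed sample: the expect-ct value is the one quoted in the issue; content-type is made up.
const sample = {
  "content-type": "application/javascript",
  "expect-ct": 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"',
};
console.log(findExpectCT(sample));
```

A null result means the response no longer sends the header; a non-null result shows which reporting endpoint and lifetime are still being advertised.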