Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
When a transport security binding is used wih HttpsToken, PolicyBasedValidator doesn't check whether the incoming transport was HTTPS. This allows a service to be accessed via HTTP ( violating the policy), if a HTTP endpoint is available.