curl HSTS cache support (#3813)

* add curl HSTS support

* add HSTS support

2 files changed, 7 insertions, 0 deletions

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 25c7796da..9b098f43c 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -430,6 +430,7 @@ blacklist ${HOME}/.config/Zulip
 blacklist ${HOME}/.conkeror.mozdev.org
 blacklist ${HOME}/.crawl
 blacklist ${HOME}/.cups
+blacklist ${HOME}/.curl-hsts
 blacklist ${HOME}/.curlrc
 blacklist ${HOME}/.dashcore
 blacklist ${HOME}/.devilspie
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 996ff51d3..5a5a7496a 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -7,6 +7,12 @@ include curl.local
 # Persistent global definitions
 include globals.local
 
+# curl 7.74.0 introduces experimental support for HSTS cache
+# https://daniel.haxx.se/blog/2020/11/03/hsts-your-curl/
+# technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts
+# if your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
+# and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact
+noblacklist ${HOME}/.curl-hsts
 noblacklist ${HOME}/.curlrc
 
 blacklist /tmp/.X11-unix