From 89a8f3eb0a462e0e61127e6ed32b053394df9afb Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Wed, 4 Feb 2026 10:19:26 -0700
Subject: [PATCH] Updated STS handling to require an explicit port in
 insecure-connection capability upgrades, ignoring incomplete policies without
 upgrading.

---
 src/common/sts.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/src/common/sts.c b/src/common/sts.c
index d5dae4bf..9d57a905 100644
--- a/src/common/sts.c
+++ b/src/common/sts.c
@@ -553,15 +553,7 @@ sts_handle_capability (struct server *serv, const char *value)
 	{
 		if (!has_port)
 		{
-			if (serv->port > 0)
-			{
-				port = (guint16) serv->port;
-				has_port = TRUE;
-			}
-			else
-			{
-				return FALSE;
-			}
+			return FALSE;
 		}
 #ifdef USE_OPENSSL
 		if (serv->sts_upgrade_in_progress)