[Bug 628292] New: Setup HTTP Strict Transport Security (connect directly to https)

From: "sysadmin" (bugzilla.gnome.org) <bugzilla gnome org>
To: gnome-infrastructure gnome org
Subject: [Bug 628292] New: Setup HTTP Strict Transport Security (connect directly to https)
Date: Mon, 30 Aug 2010 08:38:37 +0000 (UTC)

https://bugzilla.gnome.org/show_bug.cgi?id=628292
  sysadmin | Certificates | unspecified

           Summary: Setup HTTP Strict Transport Security (connect directly
                    to https)
    Classification: Infrastructure
           Product: sysadmin
           Version: unspecified
        OS/Version: Windows
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: Certificates
        AssignedTo: sysadmin-maint gnome bugs
        ReportedBy: bugzilla-gnome vitters nl
         QAContact: sysadmin-maint gnome bugs
      GNOME target: ---
     GNOME version: ---


See https://developer.mozilla.org/en/Security/HTTP_Strict_Transport_Security

Using this header a supporting webbrowser after seeing this header on a https
site (not http!) will automatically remember to connect only using https.
Meaning: even when typing bugzilla.gnome.org in the address bar it'll try
https, not http.

We should set this up on all https only sites.

I think that is:
 https://bugzilla.gnome.org/
 https://mango.gnome.org/

The following uses https, but only for a subdirectory:
 https://www.gnome.org/rt3/
Above MUST NOT have HTTP strict transport security!

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]