Closed
Bug 1351445
Opened 8 years ago
Closed 6 years ago
Add etherpad-mozilla.org to the HSTS preload list
Categories
(Infrastructure & Operations :: IT-Managed Tools, task)
Infrastructure & Operations
IT-Managed Tools
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: emorley, Unassigned)
References
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4543])
Bug 1351363 is aiming to add as many apex/root Mozilla domains to the HSTS preload list as possible, to protect first connections and also to catch any subdomains that forget to set an HSTS header themselves.
Rough steps:
1) Identify etherpad-mozilla.org subdomains that don't yet support HTTPS and file dependant bugs to fix them.
2) Ensure the apex/root domain (https://etherpad-mozilla.org/) serves an HSTS header that meets the requirements on https://hstspreload.org/
3) Submit the domain using that same tool
We made a mistake when deploying this. The apex was meant to have HSTS, but doesn't, because we use a different server for the root redirect. Ugh. I will try to help untangle this and have Webops fix it next week. Any dependent domain that doesn't use SSL can break, we offer no SLA or other guarantees about any Etherpad-related service.
Updated•8 years ago
|
Comment 2•6 years ago
|
||
Etherpad is eventually heading for a decom, not going to make any changes here.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•