Page MenuHomePhabricator

releases.wikimedia.org should be https only and have hsts set
Closed, ResolvedPublic

Description

releases.wikimedia.org doesn't have a http to https redirect nor hsts

Event Timeline

yuvipanda raised the priority of this task from to Needs Triage.
yuvipanda updated the task description. (Show Details)
yuvipanda added a project: Operations.
yuvipanda added subscribers: yuvipanda, BBlack.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptNov 16 2015, 11:00 PM
Dzahn claimed this task.Nov 17 2015, 12:09 AM
Dzahn triaged this task as Normal priority.Nov 17 2015, 9:35 PM

Change 253757 had a related patch set uploaded (by Dzahn):
releases: enforce http->https redirect behind misc-web

https://gerrit.wikimedia.org/r/253757

Change 253759 had a related patch set uploaded (by Dzahn):
releases: enable strict transport security

https://gerrit.wikimedia.org/r/253759

Chmarkine set Security to None.
Chmarkine added a subscriber: Chmarkine.

Change 253757 merged by Dzahn:
releases: enforce http->https redirect behind misc-web

https://gerrit.wikimedia.org/r/253757

Change 253936 had a related patch set uploaded (by Dzahn):
releases: load mod_headers for proto redirect

https://gerrit.wikimedia.org/r/253936

Change 253936 merged by Dzahn:
releases: load mod_headers for proto redirect

https://gerrit.wikimedia.org/r/253936

Dzahn added a comment.Nov 18 2015, 5:44 PM

Merged the protocol redirect. It now redirects http->https.

Waiting with the HSTS headers just a little bit just in case.. because that can't be reverted.

Change 253759 merged by Dzahn:
releases: enable strict transport security

https://gerrit.wikimedia.org/r/253759

Also merged that part and added the STS headers now that about a week went by without complaints.

Dzahn closed this task as Resolved.Nov 24 2015, 10:00 PM
Dzahn removed a project: Patch-For-Review.
Restricted Application added a project: Traffic. · View Herald TranscriptJun 7 2017, 6:46 PM