T132521 and https://wikitech.wikimedia.org/wiki/HTTPS/domains say, among many other things, that:
*.planet.wikimedia.org does not have HSTS enabled.
enable it
T132521 and https://wikitech.wikimedia.org/wiki/HTTPS/domains say, among many other things, that:
*.planet.wikimedia.org does not have HSTS enabled.
enable it
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | BBlack | T104681 HTTPS Plans (tracking / high-level info) | |||
Resolved | BBlack | T104244 Preload HSTS | |||
Resolved | BBlack | T40516 Enable HSTS on Wikimedia sites | |||
Resolved | Dzahn | T132543 enable HSTS on *.planet.wikimedia.org |
looking at the config i already see:
13 Header always set Strict-Transport-Security "max-age=604800"
isn't it already enabled?
already resolved/invalid
it's enabled and *.planet. uses use standard cache cluster termination, it's misc-web, besides having a separate wildcard cert, so doesnt really belong to T132521 and:
Strict Transport Security (HSTS) Yes
https://www.ssllabs.com/ssltest/analyze.html?d=es.planet.wikimedia.org&s=208.80.153.248
https://www.ssllabs.com/ssltest/analyze.html?d=es.planet.wikimedia.org&latest
@Pokefan95 do me a favor and update https://wikitech.wikimedia.org/wiki/HTTPS/domains ? can't login on wikitech due to lack of second factor . thanks
the change that enabled this was https://gerrit.wikimedia.org/r/#/c/253758/ on 2015-11-18
@Dzhan: For now, I just changed it from "No" to "Yes" (https://wikitech.wikimedia.org/w/index.php?title=HTTPS/domains&diff=433393&oldid=200991). What is the duration of the HSTS?
it's max-age=31536000 (from https://www.ssllabs.com/ssltest/analyze.html?d=es.planet.wikimedia.org&s=208.80.153.248) so that means 1yr