Page MenuHomePhabricator

enable HSTS on *
Closed, ResolvedPublic


T132521 and say, among many other things, that:

* does not have HSTS enabled.

enable it

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Poyekhali triaged this task as Medium priority.Apr 13 2016, 5:11 AM

looking at the config i already see:

13 Header always set Strict-Transport-Security "max-age=604800"

isn't it already enabled?

already resolved/invalid

it's enabled and *.planet. uses use standard cache cluster termination, it's misc-web, besides having a separate wildcard cert, so doesnt really belong to T132521 and:

Strict Transport Security (HSTS) Yes

@Pokefan95 do me a favor and update ? can't login on wikitech due to lack of second factor . thanks

Dzahn changed the task status from Invalid to Resolved.Apr 13 2016, 5:29 AM

@Pokefan95 thank you , then there was actually something to resolve, heh

@Dzhan: For now, I just changed it from "No" to "Yes" ( What is the duration of the HSTS?