[JIRA] (OVIRT-1243) HTTPS connection to ovirt.org causes HSTS pinning for subdomains
Evgheni Dereveanchin (oVirt JIRA)
jira at ovirt-jira.atlassian.net
Thu Mar 9 16:13:45 UTC 2017
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Evgheni Dereveanchin reassigned OVIRT-1243:
-------------------------------------------
Assignee: Evgheni Dereveanchin (was: infra)
> HTTPS connection to ovirt.org causes HSTS pinning for subdomains
> ----------------------------------------------------------------
>
> Key: OVIRT-1243
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1243
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Evgheni Dereveanchin
> Assignee: Evgheni Dereveanchin
>
> After accessing https://ovirt.org modern browser will refuse to display plaintext sites from all subdomains.
> Example:
> 1) go to https://ovirt.org in Chrome
> 2) try to access http://jenkins.ovirt.org
> Result: browser tries to connect to https so the connection fails
> (to revert this - go to chrome://net-internals/#hsts and delete ovirt.org domain)
> This happens since the following header is sent by https://ovirt.org:
> Strict-Transport-Security:max-age=31536000; includeSubDomains; preload
--
This message was sent by Atlassian JIRA
(v1000.815.1#100035)
More information about the Infra
mailing list