[JIRA] (OVIRT-1243) HTTPS connection to ovirt.org causes HSTS pinning for subdomains

HTTPS connection to ovirt.org causes HSTS pinning for subdomains ---------------------------------------------------------------- Key: OVIRT-1243 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1243 Project: oVirt - virtualization made easy Issue Type: Improvement Reporter: Evgheni Dereveanchin Assignee: Evgheni Dereveanchin After accessing https://ovirt.org modern browser will refuse to display plaintext sites from all subdomains. Example: 1) go to https://ovirt.org in Chrome 2) try to access http://jenkins.ovirt.org Result: browser tries to connect to https so the connection fails (to revert this - go to chrome://net-internals/#hsts and delete ovirt.org domain) This happens since the following header is sent by https://ovirt.org: Strict-Transport-Security:max-age=31536000; includeSubDomains; preload