[ https://ovirt-jira.atlassian.net/browse/OVIRT-1243?page=com.atlassian.jira.p... ] Evgheni Dereveanchin reassigned OVIRT-1243: ------------------------------------------- Assignee: Evgheni Dereveanchin (was: infra)

HTTPS connection to ovirt.org causes HSTS pinning for subdomains ----------------------------------------------------------------

Key: OVIRT-1243 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1243 Project: oVirt - virtualization made easy Issue Type: Improvement Reporter: Evgheni Dereveanchin Assignee: Evgheni Dereveanchin

After accessing https://ovirt.org modern browser will refuse to display plaintext sites from all subdomains. Example: 1) go to https://ovirt.org in Chrome 2) try to access http://jenkins.ovirt.org Result: browser tries to connect to https so the connection fails (to revert this - go to chrome://net-internals/#hsts and delete ovirt.org domain) This happens since the following header is sent by https://ovirt.org: Strict-Transport-Security:max-age=31536000; includeSubDomains; preload

-- This message was sent by Atlassian JIRA (v1000.815.1#100035)