Evgheni Dereveanchin created OVIRT-1243:
-------------------------------------------
Summary: HTTPS connection to
ovirt.org causes HSTS pinning for subdomains
Key: OVIRT-1243
URL:
https://ovirt-jira.atlassian.net/browse/OVIRT-1243
Project: oVirt - virtualization made easy
Issue Type: Improvement
Reporter: Evgheni Dereveanchin
Assignee: infra
After accessing
https://ovirt.org modern browser will refuse to display plaintext sites
from all subdomains.
Example:
1) go to
https://ovirt.org in Chrome
2) try to access
http://jenkins.ovirt.org
Result: browser tries to connect to https so the connection fails
(to revert this - go to chrome://net-internals/#hsts and delete
ovirt.org domain)
This happens since the following header is sent by
https://ovirt.org:
Strict-Transport-Security:max-age=31536000; includeSubDomains; preload
--
This message was sent by Atlassian JIRA
(v1000.815.1#100035)