Evgheni Dereveanchin created OVIRT-1243: ------------------------------------------- Summary: HTTPS connection to ovirt.org causes HSTS pinning for subdomains Key: OVIRT-1243 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1243 Project: oVirt - virtualization made easy Issue Type: Improvement Reporter: Evgheni Dereveanchin Assignee: infra After accessing https://ovirt.org modern browser will refuse to display plaintext sites from all subdomains. Example: 1) go to https://ovirt.org in Chrome 2) try to access http://jenkins.ovirt.org Result: browser tries to connect to https so the connection fails (to revert this - go to chrome://net-internals/#hsts and delete ovirt.org domain) This happens since the following header is sent by https://ovirt.org: Strict-Transport-Security:max-age=31536000; includeSubDomains; preload -- This message was sent by Atlassian JIRA (v1000.815.1#100035)