On Wed, May 9, 2018 at 12:15 PM Anton Marchukov <amarchuk@redhat.com> wrote:

Hello All.

Please note that ovirt.org got HSTS setting enabled. 

The way this
change was rolled was not authorised by us. The setting contains
“includeSubDomains” parameter that ask browser to access all resources
inside *.ovirt.org using https://.

The problem is that not all resources on *.ovirt.org are
https-enabled. And this will prevent you from being able to access

http://resources.ovirt.org
http://jenkins.ovirt.org

This setting is cached in your browser and then applied with no
exceptions even if you explicitly specify http:// the browser will
rewrite to https and then connection to above mentioned resources will
fail.

The only immediate work-around for you is to clear the HSTS flag in
your browser, please find the instructions for Firefox and Chrome [1].
Please note that you will get that setting back by visiting ovirt.org
website until we clear it from there.

We are currently working on this setting to be soften or disabled till
all resources are https enabled that is also in progress.

This is only related to access via the web browser. Accessing using
yum or automated scripts should work fine as they usually do not
observe and cache HSTS.

curl also fail to access jenkins.ovirt.org.

Thanks for notifying, I'm failing to access jenkins since yesterday.

Can we revert this change until we complete converting to https?

Nir

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org