[JIRA] (OVIRT-1243) HTTPS connection to ovirt.org causes HSTS pinning for subdomains
Evgheni Dereveanchin (oVirt JIRA)
jira at ovirt-jira.atlassian.net
Thu Mar 9 16:13:07 UTC 2017
Evgheni Dereveanchin created OVIRT-1243:
-------------------------------------------
Summary: HTTPS connection to ovirt.org causes HSTS pinning for subdomains
Key: OVIRT-1243
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1243
Project: oVirt - virtualization made easy
Issue Type: Improvement
Reporter: Evgheni Dereveanchin
Assignee: infra
After accessing https://ovirt.org modern browser will refuse to display plaintext sites from all subdomains.
Example:
1) go to https://ovirt.org in Chrome
2) try to access http://jenkins.ovirt.org
Result: browser tries to connect to https so the connection fails
(to revert this - go to chrome://net-internals/#hsts and delete ovirt.org domain)
This happens since the following header is sent by https://ovirt.org:
Strict-Transport-Security:max-age=31536000; includeSubDomains; preload
--
This message was sent by Atlassian JIRA
(v1000.815.1#100035)
More information about the Infra
mailing list