Closed Bug 1176609 Opened 9 years ago Closed 8 years ago

sso.mozilla.com should be served with Strict Transport Security (HSTS)

Categories

(Infrastructure & Operations :: IT-Managed Tools, task)

(Type: task, Priority: Not set, Severity: normal)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dholbert, Assigned: rwatson)

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3203])

sso.mozilla.com should use Strict Transport Security, so that users can just type "sso.mozilla.com/gmail" into the URLbar and we don't have to worry about them getting MITM'd.

More information on Strict Transport Security here:
https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

(Basically, this is just a header we can send, to ask the browser to proactively upgrade all future HTTP connections to be HTTPS.)

We don't currently use it for sso.mozilla.com:
> Strict Transport Security (HSTS) 	No
https://www.ssllabs.com/ssltest/analyze.html?d=sso.mozilla.com
Assignee: nobody → infra
Component: SSO → Infrastructure: SSO
Product: Webtools → Infrastructure & Operations
QA Contact: jdow
Version: Trunk → other
The HSTS header still isn't set for sso.mozilla.com.

Justin, please can we do this? :-)
Flags: needinfo?(jbryner)
(Oops wrong email for the needinfo, sorry for the noise)
Flags: needinfo?(jbryner) → needinfo?(jdow)
Moving over to webops to add to the sso.mozilla.com configuration.
Assignee: infra → server-ops-webops
Component: Infrastructure: SSO → WebOps: IT-Managed Tools
Flags: needinfo?(jdow)
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3203]
Assignee: server-ops-webops → rsoderberg
Assignee: rsoderberg → rwatson
curl -s -D- https://sso.mozilla.com
Strict-Transport-Security: max-age=315360000

from https://www.ssllabs.com/ssltest/analyze.html?d=sso.mozilla.com
Strict Transport Security (HSTS) 	Yes
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
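The check the closing comment does by hand (curl for the header, then reading the HSTS line), as an added example that is not part of this bug or of Mozilla's webops configuration: a parser for the Strict-Transport-Security value following RFC 6797 and a classifier for a captured response. The sample response text, the function names and the 180-day floor are this example's own assumptions.

```python
import re

# Constructed sample of `curl -s -D- https://host/` output (not a real capture);
# added example, not code from this bug or from Mozilla's webops config.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=315360000\r\n"
    "\r\n<html>...</html>"
)

def parse_hsts(value):
    """Return {'max-age': int, 'includeSubDomains': bool, 'preload': bool}, or
    None when a UA must ignore the header (no or malformed max-age, or a
    directive given twice; RFC 6797 sections 6.1 and 8.1)."""
    seen = set()
    result = {"max-age": None, "includeSubDomains": False, "preload": False}
    for raw in value.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, arg = token.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # at most one instance of each directive
        seen.add(name)
        if name == "max-age":
            m = re.fullmatch(r'"?(\d+)"?', arg.strip())  # value may be quoted
            if not m:
                return None
            result["max-age"] = int(m.group(1))
        elif name == "includesubdomains":
            result["includeSubDomains"] = True
        elif name == "preload":
            result["preload"] = True
        # any other directive is unknown and ignored, as the RFC requires
    return result if result["max-age"] is not None else None

def hsts_status(response_text, min_age=15552000):
    """Classify a raw response as 'missing', 'invalid', 'short' or 'ok'.
    The 180-day floor (min_age) is this example's assumption, not a rule."""
    head = response_text.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.splitlines():
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            parsed = parse_hsts(val)
            return "invalid" if parsed is None else (
                "ok" if parsed["max-age"] >= min_age else "short")
    return "missing"
```

Only the first Strict-Transport-Security line is consulted, which matches the processing rule in RFC 6797 section 8.1.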