Closed Bug 1125894 Opened 10 years ago Closed 5 years ago

implement HSTS for RelengAPI

Categories: Release Engineering :: General (defect)

Type: defect; Priority: Not set; Severity: normal

Tracking: Not tracked

Status: RESOLVED FIXED

People: Reporter: dustin; Assigned: garbas

Details: Whiteboard: [relsec]

Indicate to browsers that HTTPS should *always* be used. This is just a header, along with a redirect from http to https.
Assignee: dustin → relops
Assignee: relops → rgarbas
Whiteboard: [relsec]
:dustin HSTS headers are currently impossible to set up via Amazon CloudFront. We use CloudFront and S3 to serve static pages. No idea how to proceed there. On Heroku we host individual JSON APIs. There we can set the headers as we want. I will look into adding it before the Hawaii all-hands. (e.g. https://github.com/kennethreitz/flask-sslify)
Flags: needinfo?(dustin)
I've never configured it in either of those situations, so I don't have much info to provide. I'll be following your work with interest and may do the same in TC :)
Flags: needinfo?(dustin)
I only implemented HSTS for "new" relengapi: https://mozilla-releng

Currently deployed:
- TryChooser
- TreeStatus (backend: https://treestatus.mozilla-releng.net)

New services will be migrated shortly and will all "inherit" this setup automatically.

HSTS got implemented using `flask-talisman`[1] and its configuration can be found in the `lib/releng_common`[2] security module:

[1] https://github.com/GoogleCloudPlatform/flask-talisman
[2] https://github.com/mozilla-releng/services/blob/3b857db27bd88ea8a49aae8cac4f3e2fb0b76c69/lib/releng_common/releng_common/security.py#L27

I will implement this later this month also in "old" relengapi: https://api.pub.build.mozilla.org/
Status: NEW → ASSIGNED
Blocks: 1351416
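As an added illustration of the two pieces this bug asks for (an HTTP-to-HTTPS redirect plus a Strict-Transport-Security header on HTTPS responses), here is a stdlib-only WSGI middleware; it is not the flask-talisman setup from `lib/releng_common`, and the host name, paths and max-age are assumed values:

```python
"""Stdlib-only WSGI middleware: redirect plain HTTP to HTTPS and attach an
HSTS header to HTTPS responses. Illustration only, not RelengAPI's code."""
from wsgiref.util import request_uri, setup_testing_defaults
from urllib.parse import urlsplit, urlunsplit

HSTS_MAX_AGE = 31536000  # one year in seconds (assumed policy value)


def hsts_value(max_age=HSTS_MAX_AGE, include_subdomains=True, preload=False):
    """Build the Strict-Transport-Security header value."""
    parts = [f"max-age={int(max_age)}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)


class ForceHTTPS:
    def __init__(self, app, **hsts_opts):
        self.app = app
        self.hsts = hsts_value(**hsts_opts)

    def __call__(self, environ, start_response):
        # Trusts the scheme WSGI reports; behind a proxy you would read
        # X-Forwarded-Proto from a trusted hop instead (not shown here).
        if environ.get("wsgi.url_scheme") != "https":
            target = urlunsplit(("https",) + urlsplit(request_uri(environ))[1:])
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]  # no HSTS here: browsers ignore it on plain HTTP

        def hsts_start_response(status, headers, exc_info=None):
            headers = [h for h in headers if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", self.hsts))
            return start_response(status, headers, exc_info)

        return self.app(environ, hsts_start_response)


def hello(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def run(app, scheme, path="/"):
    """Drive a WSGI app in-process; returns (status, headers, body)."""
    environ, captured = {}, {}
    setup_testing_defaults(environ)
    environ.update({"wsgi.url_scheme": scheme, "PATH_INFO": path,
                    "HTTP_HOST": "treestatus.example"})  # constructed host
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body
```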

The "old" releng API is gone since it died with SCL3, but mozilla-releng.net still exists under AWS CloudFront. There is a way to implement HSTS with Lambda as noted in this blog post:

https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/

Component: RelOps: General → General
Product: Infrastructure & Operations → Release Engineering
QA Contact: arich → catlee

This is now done, with the migration to GCP.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED