Closed
Bug 1143977
Opened 9 years ago
Closed 8 years ago
Recommend increasing Strict-Transport-Security max-age to 15552000, includeSubdomains and get on Chromium HSTS preload list
Categories
(Cloud Services Graveyard :: Find My Device, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: jrgm, Unassigned)
Details
I realize this somewhat overlaps with https://bugzilla.mozilla.org/show_bug.cgi?id=1143892, but FMD has an STS header, but it should be like this: > Strict-Transport-Security: max-age=15552000; includeSubdomains $ curl -H 'connection: close' -s -X HEAD -D - https://find.firefox.com/ HTTP/1.1 200 OK Strict-Transport-Security: max-age=86400 Date: Tue, 17 Mar 2015 02:13:26 GMT Content-Type: text/html; charset=utf-8 Connection: close Also, once that is in place, a request should be made to get find.firefox.com on the STS preload list maintained by chromium.org. (@see https://bugzilla.mozilla.org/show_bug.cgi?id=958313) /cc :francois
Comment 1•9 years ago
|
||
BTW, I believe that the (new) way to request inclusion on the preload list is through https://hstspreload.appspot.com/
Comment 2•8 years ago
|
||
Product sunset
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Assignee | ||
Updated•8 years ago
|
Product: Cloud Services → Cloud Services Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•