Closed
Bug 1176609
Opened 10 years ago
Closed 9 years ago
sso.mozilla.com should be served with Strict Transport Security (HSTS)
Categories
(Infrastructure & Operations :: IT-Managed Tools, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dholbert, Assigned: rwatson)
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/3203])
sso.mozilla.com should use Strict Transport Security, so that users can just type "sso.mozilla.com/gmail" into the URLbar and we don't have to worry about them getting MITM'd.
More information on Strict Transport Security here:
https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
(Basically, this is just a header we can send, to ask the browser to proactively upgrade all future HTTP connections to be HTTPS.)
We don't currently use it for sso.mozilla.com:
> Strict Transport Security (HSTS) No
https://www.ssllabs.com/ssltest/analyze.html?d=sso.mozilla.com
Updated•10 years ago
Assignee: nobody → infra
status-firefox41: affected → ---
Component: SSO → Infrastructure: SSO
Product: Webtools → Infrastructure & Operations
QA Contact: jdow
Version: Trunk → other
Comment 1•9 years ago
The HSTS header still isn't set for sso.mozilla.com.
Justin, please can we do this? :-)
Flags: needinfo?(jbryner)
Comment 2•9 years ago
(Oops wrong email for the needinfo, sorry for the noise)
Flags: needinfo?(jbryner) → needinfo?(jdow)
Comment 3•9 years ago
Moving over to webops to add to the sso.mozilla.com configuration.
Assignee: infra → server-ops-webops
Component: Infrastructure: SSO → WebOps: IT-Managed Tools
Flags: needinfo?(jdow)
Updated•9 years ago
Assignee: rsoderberg → rwatson
Comment 4•9 years ago
curl -s -D- https://sso.mozilla.com
Strict-Transport-Security: max-age=315360000
from
https://www.ssllabs.com/ssltest/analyze.html?d=sso.mozilla.com
Strict Transport Security (HSTS) Yes
Updated•9 years ago
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
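Added example (not part of the bug thread or of Mozilla's configuration): the manual curl check from comment 4 turned into a repeatable test that also catches a missing, malformed, zeroed or short-lived policy. The function name hsts_check, the MIN_AGE threshold and the sample response are assumptions made for this example.

```shell
#!/bin/sh
# Added example: grade the HSTS policy found in HTTP response headers.
# Live use, same request as comment 4:
#   curl -s -D- -o /dev/null https://sso.mozilla.com | hsts_check
# MIN_AGE (180 days) is an assumed local threshold, not a value from the bug.
MIN_AGE=15552000

# Reads response headers on stdin and prints one verdict line.
# Exit status 0 = usable policy, 1 = missing, malformed, cleared or too short.
hsts_check() {
  tr -d '\r' | awk -v min="$MIN_AGE" '
    # Header names are case-insensitive, and RFC 6797 has user agents
    # process only the first Strict-Transport-Security field.
    !seen && tolower($0) ~ /^strict-transport-security[ \t]*:/ {
      seen = 1
      value = $0
      sub(/^[^:]*:/, "", value)
      n = split(value, part, ";")
      for (i = 1; i <= n; i++) {
        item = tolower(part[i])
        gsub(/[ \t"]/, "", item)   # drop whitespace and quoted-string quotes
        if (item ~ /^max-age=[0-9]+$/) { age = substr(item, 9); have_age = 1 }
        else if (item == "includesubdomains") subdomains = 1
      }
    }
    END {
      if (!seen)          { print "FAIL header absent"; exit 1 }
      if (!have_age)      { print "FAIL max-age missing or malformed"; exit 1 }
      if (age + 0 == 0)   { print "FAIL max-age=0 clears the stored policy"; exit 1 }
      if (age + 0 < min)  { print "FAIL max-age=" age " is below " min; exit 1 }
      print "OK max-age=" age " includeSubDomains=" (subdomains ? "yes" : "no")
    }'
}

# Constructed sample response; the header value is the one quoted in comment 4.
SAMPLE='HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=315360000
'
printf '%s' "$SAMPLE" | hsts_check
```

Browsers ignore this header when it arrives over plain HTTP, so the check is only meaningful against the https:// URL.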