1277687 - srihash.org should be a CNAME to Heroku?

Status: RESOLVED FIXED

(Infrastructure & Operations :: SSL Certificates, task)

Description

[François Marier [:francois]]

Attachment: Heroku settings page for srihash.org

According to the Heroku settings page (see attached screenshot), srihash.org should be a CNAME to yamanashi-5422.herokussl.com. However, it currently is an A record ultimately pointing to static.external.zlb.scl3.mozilla.com which then does a 301 to www.srihash.org (which _is_ a CNAME to Heroku).

Is Heroku right? Can we make the top-level name a CNAME?

If not, is it possible at least to add the same HSTS header to https://srihash.org as the one we have on https://www.srihash.org:

  Strict-Transport-Security: max-age=15768000

That way we can apply to be added to the HSTS preload list.

Comment 1

[Eric Ziegenhorn :ericz]

That's correct, you can't make a top level domain like srihash.org a CNAME, hence the redirect.  I assume a HSTS header could be added but that would be on the Heroku side by whomever owns that app.

Comment 2

[François Marier [:francois]]

(In reply to Eric Ziegenhorn :ericz from comment #1)
> I assume a HSTS header could be added but that would be
> on the Heroku side by whomever owns that app.

There is an HSTS header in the app, but the redirect done from static.external.zlb.scl3.mozilla.com doesn't have that header set. That's what we'd like to see added because it's a requirement for being added to the HSTS preload list.

Comment 3

[Ryan Watson [:w0ts0n]]

Just an update, I'm working on crafting a TrafficScript rule for our loadbalancer to add the response header.

Comment 4

[Ryan Watson [:w0ts0n]]

Think we are good here:

curl -i srihash.org
HTTP/1.1 301 Moved Permanently
Server: Apache
X-Backend-Server: pp-web04
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=15768000
Date: Fri, 08 Jul 2016 16:47:25 GMT
Location: https://www.srihash.org/
X-Cache-Info: caching
Content-Length: 232

Comment 5

[François Marier [:francois]]

Thanks Ryan!