Closed Bug 1638031 Opened 5 years ago Closed 5 years ago

HSTS headers are duplicated (3 times!)

Categories

(Cloud Services :: Operations: Firefox Profiler, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: julienw, Assigned: oremj)

Details

We have 3 HSTS headers. Our service generates one, looks like some reverse proxies add their own without replacing the other. Also our header is stricter, so ideally we should keep that one instead of replacing it.

$ curl -i https://dev.firefoxprofiler.nonprod.cloudops.mozgcp.net/__version__
...
strict-transport-security: max-age=63072000; includeSubDomains
strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000
...

$ curl -i https://api.profiler.firefox.com/__version__
...
strict-transport-security: max-age=63072000; includeSubDomains
strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000
...
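
RFC 6797 section 8.1 has a client process only the first Strict-Transport-Security field in a response, so with duplicates the wire order decides whether the service's stricter policy or a proxy's weaker one takes effect. The Python check below is an added example, not part of the original bug report or of Mozilla's tooling; it reads `curl -i` style output, and its function names and finding labels are assumptions made for illustration.

```python
# Added example: audit HSTS headers in `curl -i` style output (first header block only).
# Constructed sample: the three HSTS lines are those quoted in the report; the rest is filler.
SAMPLE = "\n".join([
    "HTTP/2 200",
    "content-type: application/json",
    "strict-transport-security: max-age=63072000; includeSubDomains",
    "strict-transport-security: max-age=31536000",
    "strict-transport-security: max-age=31536000",
])

def parse_hsts(value):
    """Parse one header value; max_age stays None if missing or malformed."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def hsts_policies(raw):
    """Return parsed HSTS policies in wire order."""
    policies = []
    for line in raw.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            policies.append(parse_hsts(value))
    return policies

def audit(raw):
    """Return (effective_policy, findings); only the first header is effective."""
    policies = hsts_policies(raw)
    if not policies:
        return None, ["missing"]
    findings = ["duplicate"] if len(policies) > 1 else []
    first = policies[0]
    if first["max_age"] is None:  # max-age is required, so the first header is unusable
        return None, findings + ["invalid-first"]
    ignored = any((p["max_age"] or 0) > first["max_age"] or
                  (p["include_subdomains"] and not first["include_subdomains"])
                  for p in policies[1:])
    return first, findings + (["stricter-header-ignored"] if ignored else [])
```

For the headers quoted in the report, the stricter header is first on the wire, so `audit(SAMPLE)` reports only `duplicate`; if a proxy's header came first, the result would also carry `stricter-header-ignored`.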

Checked on some other apps and they do it too. Looks like it'll be a fix in the skeleton; whoever from cloudops ends up working on this should see https://mozilla.slack.com/archives/C8WPJ66KC/p1589898680151200 where I asked about it before and Brian made some suggestions.

Assignee: edunham → oremj
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

Thanks, I double checked and this looks good now!
