Closed
Bug 574173
Opened 15 years ago
Closed 15 years ago
Implement Strict-Transport-Security headers to force HTTPS access on Bugzilla
Categories
(bugzilla.mozilla.org :: General, defect)
bugzilla.mozilla.org
General
Tracking
()
RESOLVED
FIXED
People
(Reporter: clyon, Assigned: reed)
References
Details
Attachments
(1 file)
|
1.40 KB,
patch
|
Details | Diff | Splinter Review |
There should be a way to do this header off the zeus where we set the header for STS. Can we do this for Bugzilla? Not a major rush but would need to do soon.
The header should look like this:
Strict-Transport-Security: max-age=###
where ### delta-seconds, high enough that most people will visit AMO
before the expiry date.
BTW, there is a bug in for Bugzilla the application to do this but not sure they have a priority on this.
|
Assignee | |
Comment 1•15 years ago
|
||
We generally try not to create duplicate bugs for things that are really upstream issues.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
|
Reporter | |
Comment 2•15 years ago
|
||
This is for the Zeus, not for the Bugzilla code. Reopening..
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
|
|
Assignee | |
Comment 3•15 years ago
|
||
Backport of upstream patch to 3.6 plus a few bmo-only changes.
Assignee: nobody → reed
Status: REOPENED → ASSIGNED
|
|
Assignee | |
Comment 4•15 years ago
|
||
Committing to: bzr+ssh://bzr.mozilla.org/bmo/3.6/
modified Bugzilla/CGI.pm
modified Bugzilla/Constants.pm
Committed revision 7109.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago → 15 years ago
Depends on: bmo-upgrade-3.6
Resolution: --- → FIXED
|
||
Updated•14 years ago
|
Component: Bugzilla: Other b.m.o Issues → General
Product: mozilla.org → bugzilla.mozilla.org
You need to log in
before you can comment on or make changes to this bug.
Description
•