Closed
Bug 574173
Opened 14 years ago
Closed 14 years ago
Implement Strict-Transport-Security headers to force HTTPS access on Bugzilla
Categories
(bugzilla.mozilla.org :: General, defect)
bugzilla.mozilla.org
General
Tracking
()
RESOLVED
FIXED
People
(Reporter: clyon, Assigned: reed)
References
Details
Attachments
(1 file)
1.40 KB,
patch
|
Details | Diff | Splinter Review |
There should be a way to do this header off the zeus where we set the header for STS. Can we do this for Bugzilla? Not a major rush but would need to do soon. The header should look like this: Strict-Transport-Security: max-age=### where ### delta-seconds, high enough that most people will visit AMO before the expiry date. BTW, there is a bug in for Bugzilla the application to do this but not sure they have a priority on this.
Assignee | ||
Comment 1•14 years ago
|
||
We generally try not to create duplicate bugs for things that are really upstream issues.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 2•14 years ago
|
||
This is for the Zeus, not for the Bugzilla code. Reopening..
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Assignee | ||
Comment 3•14 years ago
|
||
Backport of upstream patch to 3.6 plus a few bmo-only changes.
Assignee: nobody → reed
Status: REOPENED → ASSIGNED
Assignee | ||
Comment 4•14 years ago
|
||
Committing to: bzr+ssh://bzr.mozilla.org/bmo/3.6/ modified Bugzilla/CGI.pm modified Bugzilla/Constants.pm Committed revision 7109.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago → 14 years ago
Depends on: bmo-upgrade-3.6
Resolution: --- → FIXED
Updated•13 years ago
|
Component: Bugzilla: Other b.m.o Issues → General
Product: mozilla.org → bugzilla.mozilla.org
You need to log in
before you can comment on or make changes to this bug.
Description
•