persona: browserid.org redirects improvements

RESOLVED FIXED

Status

Cloud Services
Operations
6 years ago
5 years ago

People

(Reporter: francois, Unassigned)


(Reporter)

Description

6 years ago
There are two issues with the current browserid.org -> login.persona.org redirects:

1- https://browserid.org should have the same HSTS headers as login.persona.org:

Strict-Transport-Security: max-age=2592000; includeSubdomains

2- http://browserid.org should redirect to https://login.persona.org directly (this one is a fairly minor point, but probably very easy to do)
Whiteboard: [qa+]
(Reporter)

Comment 1

5 years ago
The second issue is resolved. The first one remains:

$ curl --head http://browserid.org
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Aug 2013 03:41:18 GMT
Server: Apache/2.4.4 (Unix) OpenSSL/1.0.0-fips
Location: https://login.persona.org/
Content-Type: text/html; charset=iso-8859-1

$ curl --head https://browserid.org
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Aug 2013 03:41:24 GMT
Server: Apache/2.4.4 (Unix) OpenSSL/1.0.0-fips
Location: https://login.persona.org/
Content-Type: text/html; charset=iso-8859-1

Gene: is there a technical reason preventing us from adding the HSTS header to the https://browserid.org -> https://login.persona.org redirect?
Flags: needinfo?(gene)
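The check that Comment 1 does by eye on the curl output, written out as an added example (not part of the original bug or of the identity-ops repository): it parses a `curl --head` response and reports whether the hop redirects straight to https://login.persona.org/ and, for the HTTPS hop, whether it carries the HSTS header from the description. The function names and the `FIXED` sample are constructed for illustration.

```python
import re

REQUIRED_MAX_AGE = 2592000  # value the description asks for (30 days)
# Response quoted in Comment 1 (Date line omitted; same for both schemes).
OBSERVED = """HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.4 (Unix) OpenSSL/1.0.0-fips
Location: https://login.persona.org/
Content-Type: text/html; charset=iso-8859-1
"""
# Constructed sample: the same response plus the header requested in the bug.
FIXED = OBSERVED + "Strict-Transport-Security: max-age=2592000; includeSubdomains\n"

def parse_head(raw):
    """Return (status_code, {lowercased header name: value}) for one response."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def parse_hsts(value):
    """Return (max_age or None, include_subdomains); directive names are case-insensitive."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', directive.strip(), re.I)
        if m:
            max_age = int(m.group(1))
        elif directive.strip().lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def check_redirect(url, raw, target="https://login.persona.org/"):
    """List the problems with one redirect hop; an empty list means it passes."""
    status, headers = parse_head(raw)
    problems = []
    if status not in (301, 308) or headers.get("location") != target:
        problems.append("no direct permanent redirect to " + target)
    # Browsers ignore HSTS received over plain HTTP (RFC 6797), so only
    # the https:// hop is required to carry the header.
    if url.startswith("https://"):
        max_age, include_sub = parse_hsts(headers.get("strict-transport-security", ""))
        if max_age is None or max_age < REQUIRED_MAX_AGE:
            problems.append("HSTS missing or max-age too short")
        elif not include_sub:
            problems.append("HSTS lacks includeSubDomains")
    return problems
```

Run against the two responses in Comment 1, the HTTP hop passes and the HTTPS hop is flagged for the missing header.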

Comment 2

5 years ago
François, not that I know of; we just need to find an Apache directive that does what you're looking for. It would go in the Apache config here:

https://github.com/mozilla/identity-ops/blob/master/chef/cookbooks/persona-rootzone/templates/default/etc/httpd/conf.d/rootzone.conf.erb

I'll need to look for a setting to do this.
Flags: needinfo?(gene)
(Reporter)

Comment 3

5 years ago
I have prepared a pull request for this: https://github.com/mozilla/identity-ops/pull/136
(Reporter)

Comment 4

5 years ago
Closing since this is now tracked on GitHub.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED