Great news -- thanks Bryan!! /me removes hacky domain proxy HTTPS enforcement config from Cloud VPS projects
On Tue, Aug 18, 2020 at 11:03 AM Bryan Davis <[email protected]> wrote:

> TL;DR:
> * HTTP -> HTTPS redirection is live (finally!)
> * Currently allowing a "POST loophole"
> * "POST loophole" will be closed on 2021-02-01
>
> Today we merged a small change [0] to the front proxy used by Cloud
> VPS projects [1]. This change brings automatic HTTP -> HTTPS
> redirection to the "domain proxy" service and a
> Strict-Transport-Security header with a 1 day duration.
>
> The current configuration is conservative. We will only redirect GET
> and HEAD requests to HTTPS to avoid triggering bugs in the handling of
> redirects during POST requests. This "POST loophole" is the same
> process that we followed when converting the production wiki farm and
> Toolforge to HTTPS.
>
> When we announced similar changes for Toolforge in 2019 [2] we forgot
> to set a timeline for closing the POST loophole. This time we are
> wiser! We will close the POST loophole and make all HTTP requests,
> regardless of the verb used, redirect to HTTPS on 2021-02-01. This 6
> month transition period should give us all a chance to find and update
> URLs to use https and to fix any dependent software that might break
> if a redirect was sent for a POST request.
>
> If you find issues in your projects resulting from this change, please
> do let us know. The tracking task for this change is T120486 [3]. We
> also provide support in the #wikimedia-cloud channel on Freenode and
> via the [email protected] mailing list [4].
>
> [0]: https://gerrit.wikimedia.org/r/c/operations/puppet/+/620122/
> [1]: https://wikitech.wikimedia.org/wiki/Help:Using_a_web_proxy_to_reach_Cloud_VPS_servers_from_the_internet
> [2]: https://phabricator.wikimedia.org/phame/post/view/132/migrating_tools.wmflabs.org_to_https/
> [3]: https://phabricator.wikimedia.org/T120486
> [4]: https://lists.wikimedia.org/mailman/listinfo/cloud
>
> Bryan, on behalf of the Cloud VPS admin team
> --
> Bryan Davis              Technical Engagement      Wikimedia Foundation
> Principal Software Engineer                               Boise, ID USA
> [[m:User:BDavis_(WMF)]]                                      irc: bd808
>
> _______________________________________________
> Wikimedia Cloud Services announce mailing list
> [email protected] (formerly [email protected])
> https://lists.wikimedia.org/mailman/listinfo/cloud-announce
>
> _______________________________________________
> Wikimedia Cloud Services mailing list
> [email protected] (formerly [email protected])
> https://lists.wikimedia.org/mailman/listinfo/cloud
>

--
Isaac Johnson (he/him/his) -- Research Scientist -- Wikimedia Foundation
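
An added example, not part of the original thread and not the Cloud VPS proxy's own configuration: a local model of the redirect policy described in the quoted announcement, showing what happens to a client's POST once the "POST loophole" is closed. The `/secure/` path standing in for the HTTPS side, the 301 status code, the class and function names, and the form body are all assumptions made for this sketch; the client is Python's `urllib`.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class ProxyModel(BaseHTTPRequestHandler):
    """Constructed stand-in for the front proxy; not the real configuration.
    Paths under /secure/ play the role of the HTTPS side (assumption)."""
    redirect_all_verbs = False  # False models the "POST loophole" being open
    served = []                 # (method, path, body length) of answered requests

    def _handle(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        plain_http = not self.path.startswith("/secure/")
        if plain_http and (self.command in ("GET", "HEAD") or self.redirect_all_verbs):
            self.send_response(301)  # status code is an assumption
            self.send_header("Location", "/secure" + self.path)
        else:
            ProxyModel.served.append((self.command, self.path, len(body)))
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _handle

    def log_message(self, *args):  # keep the demo quiet
        pass


def post_form(close_loophole):
    """POST a constructed form body over 'plain HTTP'; return what got served."""
    ProxyModel.redirect_all_verbs = close_loophole
    ProxyModel.served.clear()
    server = HTTPServer(("127.0.0.1", 0), ProxyModel)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        req = urllib.request.Request(
            "http://127.0.0.1:%d/api" % server.server_port,
            data=b"title=Sandbox&text=hello", method="POST")
        opener.open(req, timeout=5).close()
    finally:
        server.shutdown()
        server.server_close()
    return list(ProxyModel.served)


if __name__ == "__main__":
    print("loophole open:  ", post_form(False))  # POST and its body arrive unchanged
    print("loophole closed:", post_form(True))   # urllib replays it as a body-less GET
```

With the loophole closed the request still returns 200, so the lost form body produces no client-side error; updating the caller's URL to https is the fix.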
