Evgheni Dereveanchin created OVIRT-1243:
-------------------------------------------

             Summary: HTTPS connection to ovirt.org causes HSTS pinning for subdomains
                 Key: OVIRT-1243
                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1243
             Project: oVirt - virtualization made easy
          Issue Type: Improvement
            Reporter: Evgheni Dereveanchin
            Assignee: infra


After accessing https://ovirt.org, a modern browser will refuse to display 
plaintext sites from all subdomains.

Example:
1) go to https://ovirt.org in Chrome
2) try to access http://jenkins.ovirt.org

Result: the browser tries to connect over HTTPS, so the connection fails

(To revert this, go to chrome://net-internals/#hsts and delete the ovirt.org 
domain.)

This happens since the following header is sent by https://ovirt.org:
Strict-Transport-Security:max-age=31536000; includeSubDomains; preload



--
This message was sent by Atlassian JIRA
(v1000.815.1#100035)