Chmarkine has uploaded a new change for review. https://gerrit.wikimedia.org/r/222270
Change subject: Wikidata - HSTS include subdomains and preload ...................................................................... Wikidata - HSTS include subdomains and preload wikidata.org only has four subdomains, all of which don't have certificate issues. So I believe it's safe to add "includeSubDomains" and "preload" tokens so that it can be preloaded. Bug: T104244 Change-Id: Iab425da3cf2d6c68ed313eec0993584374701349 --- M modules/varnish/templates/vcl/wikimedia.vcl.erb 1 file changed, 6 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/70/222270/1 diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb b/modules/varnish/templates/vcl/wikimedia.vcl.erb index 859828f..cd804ec 100644 --- a/modules/varnish/templates/vcl/wikimedia.vcl.erb +++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb @@ -224,7 +224,12 @@ // successfully reached us over HTTPS for the given domainname. if (req.http.X-Forwarded-Proto == "https") { if (!resp.http.Strict-Transport-Security) { - set resp.http.Strict-Transport-Security = "max-age=15768000"; + if (req.http.Host ~ "(?i)(^|\.)wikidata\.org$") { + set resp.http.Strict-Transport-Security = "max-age=15768000; includeSubDomains; preload"; + } + else { + set resp.http.Strict-Transport-Security = "max-age=15768000"; + } } } } -- To view, visit https://gerrit.wikimedia.org/r/222270 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iab425da3cf2d6c68ed313eec0993584374701349 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine <chmark...@hotmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits