Title: [89399] trunk/Websites/bugs.webkit.org
- Revision
- 89399
- Author
- aba...@webkit.org
- Date
- 2011-06-21 18:04:53 -0700 (Tue, 21 Jun 2011)
Log Message
2011-06-21 Adam Barth <aba...@webkit.org>
Reviewed by Darin Adler.
bugs.webkit.org should use Strict-Transport-Security
https://bugs.webkit.org/show_bug.cgi?id=63097
Strict-Transport-Security forces all connections to bugs.webkit.org to
use HTTPS, preventing sslstrip and other attacks.
* .htaccess:
Modified Paths
Diff
Modified: trunk/Websites/bugs.webkit.org/.htaccess (89398 => 89399)
--- trunk/Websites/bugs.webkit.org/.htaccess 2011-06-22 00:50:13 UTC (rev 89398)
+++ trunk/Websites/bugs.webkit.org/.htaccess 2011-06-22 01:04:53 UTC (rev 89399)
@@ -5,3 +5,6 @@
<FilesMatch ^(localconfig.js|localconfig.rdf)$>
allow from all
</FilesMatch>
+
+# Force all connections to HTTPS for 90 days at a time.
+Header set Strict-Transport-Security "max-age=7776000"
Modified: trunk/Websites/bugs.webkit.org/ChangeLog (89398 => 89399)
--- trunk/Websites/bugs.webkit.org/ChangeLog 2011-06-22 00:50:13 UTC (rev 89398)
+++ trunk/Websites/bugs.webkit.org/ChangeLog 2011-06-22 01:04:53 UTC (rev 89399)
@@ -1,3 +1,15 @@
+2011-06-21 Adam Barth <aba...@webkit.org>
+
+ Reviewed by Darin Adler.
+
+ bugs.webkit.org should use Strict-Transport-Security
+ https://bugs.webkit.org/show_bug.cgi?id=63097
+
+ Strict-Transport-Security forces all connections to bugs.webkit.org to
+ use HTTPS, preventing sslstrip and other attacks.
+
+ * .htaccess:
+
2011-05-04 Caio Marcelo de Oliveira Filho <caio.olive...@openbossa.org>
Reviewed by Adam Roben.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
