savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[savannah-help-public] [sr #109089] Cannot access cgit pages

From: Bob Proulx
Subject: [savannah-help-public] [sr #109089] Cannot access cgit pages
Date: Sun, 17 Jul 2016 05:49:32 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 
Follow-up Comment #7, sr #109089 (project administration):

gnu.org and www.gnu.org have indeed enabled HSTS. The headers are:

  HTTP/1.1 200 OK
  Date: Sun, 17 Jul 2016 05:41:27 GMT
  Server: Apache/2.4.7
  Content-Location: home.html
  Vary: negotiate,accept-language,Accept-Encoding
  TCN: choice
  Strict-Transport-Security: max-age=63072000
  Access-Control-Allow-Origin: (null)
  Accept-Ranges: bytes
  Cache-Control: max-age=0
  Expires: Sun, 17 Jul 2016 05:41:27 GMT
  Keep-Alive: timeout=3, max=100
  Connection: Keep-Alive
  Transfer-Encoding: chunked
  Content-Type: text/html
  Content-Language: en

However that does not include includeSubDomains directive. Therefore it should
not apply to subdomains. See RFC 6797.

I tested this using both Firefox and Chromium. I first went to
https://gnu.org/ which redirects to https://www.gnu.org/ to set up the
environment with HSTS. Then I went to
http://git.savannah.gnu.org/cgit/coreutils.git to see what it would do in both
of those browsers. Both went to http and neither went to https.

I don't know what is going on yet. We will have to keep looking.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?109089>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]