[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[savannah-help-public] [sr #109089] Cannot access cgit pages
From: |
Bob Proulx |
Subject: |
[savannah-help-public] [sr #109089] Cannot access cgit pages |
Date: |
Sun, 17 Jul 2016 05:49:32 +0000 (UTC) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 |
Follow-up Comment #7, sr #109089 (project administration):
gnu.org and www.gnu.org have indeed enabled HSTS. The headers are:
HTTP/1.1 200 OK
Date: Sun, 17 Jul 2016 05:41:27 GMT
Server: Apache/2.4.7
Content-Location: home.html
Vary: negotiate,accept-language,Accept-Encoding
TCN: choice
Strict-Transport-Security: max-age=63072000
Access-Control-Allow-Origin: (null)
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sun, 17 Jul 2016 05:41:27 GMT
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
Content-Language: en
However that does not include includeSubDomains directive. Therefore it should
not apply to subdomains. See RFC 6797.
I tested this using both Firefox and Chromium. I first went to
https://gnu.org/ which redirects to https://www.gnu.org/ to set up the
environment with HSTS. Then I went to
http://git.savannah.gnu.org/cgit/coreutils.git to see what it would do in both
of those browsers. Both went to http and neither went to https.
I don't know what is going on yet. We will have to keep looking.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?109089>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/