Project

General

Profile

Actions
Copy link

action #14204

closed

openqa.opensuse.org sends an HSTS header twice

Added by dheidler over 7 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2016-10-13
Due date:
% Done:

0%

Estimated time:

Description

See also: https://www.ssllabs.com/ssltest/analyze.html?d=openqa.opensuse.org&s=2001%3a67c%3a2178%3a8%3a0%3a0%3a0%3a19&latest

% curl -I https://openqa.opensuse.org/
HTTP/1.1 200 OK
Date: Thu, 13 Oct 2016 12:35:15 GMT
Server: Mojolicious (Perl)
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 45523
Content-Type: text/html;charset=UTF-8
Set-Cookie: mojolicious=[...]; expires=Sat, 15 Oct 2016 12:35:15 GMT; path=/; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains

So the Header Strict-Transport-Security: max-age=31536000; includeSubDomains is sent twice.

https://openqa.suse.de doesn't have this problem.

Actions
Copy link
 #1

Updated by coolo over 7 years ago

the difference is that with openqa.suse.de you're talking to its apache directly. With openqa.opensuse.org you're talking to HA proxy - openqa.opensuse.org doesn't even know the cerificate, HA proxy has it and then proxies HTTP.

So this is not an openqa issue and happens most likely with all opensuse.org hosts on https

Actions
Copy link
 #2

Updated by coolo over 7 years ago

  • Status changed from New to Rejected

file an opensuse-admin ticket - this is not an openqa problem (if it's a problem at all)

Actions
Copy link

Also available in: Atom PDF