[Pidgin] #16071: HTTP Strict Transport Security

Pidgin trac at pidgin.im
Fri Feb 28 04:32:12 EST 2014

#16071: HTTP Strict Transport Security
 Reporter:  fedor.brunner  |      Owner:  kstange
     Type:  defect         |     Status:  new
Milestone:                 |  Component:  webpage
  Version:                 |   Keywords:  HSTS
 you have installed SSL certificates for pidgin.im and subdomains, but
 there still links for http://pidgin.im on pages and Wiki.

 Please enable
 [https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict
 Transport Security] for pidgin.im web services, this will force clients to
 use secure connections only.

 For lighttpd it can be done using:
 server.modules += ( "mod_setenv" )
 $HTTP["scheme"] == "https" {
     setenv.add-response-header  = ("Strict-Transport-Security" => "max-
 age=31536000; includeSubDomains")

Ticket URL: <https://developer.pidgin.im/ticket/16071>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list