[Pidgin] #16071: HTTP Strict Transport Security
Pidgin
trac at pidgin.im
Fri Feb 28 04:32:12 EST 2014
#16071: HTTP Strict Transport Security
---------------------------+---------------------
Reporter: fedor.brunner | Owner: kstange
Type: defect | Status: new
Milestone: | Component: webpage
Version: | Keywords: HSTS
---------------------------+---------------------
Hi,
you have installed SSL certificates for pidgin.im and subdomains, but
there still links for http://pidgin.im on pages and Wiki.
Please enable
[https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict
Transport Security] for pidgin.im web services, this will force clients to
use secure connections only.
For lighttpd it can be done using:
{{{
server.modules += ( "mod_setenv" )
$HTTP["scheme"] == "https" {
setenv.add-response-header = ("Strict-Transport-Security" => "max-
age=31536000; includeSubDomains")
}
}}}
--
Ticket URL: <https://developer.pidgin.im/ticket/16071>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list