[Pidgin] #16071: HTTP Strict Transport Security
Pidgin
trac at pidgin.im
Fri Feb 28 04:33:12 EST 2014
#16071: HTTP Strict Transport Security
---------------------------+----------------------
Reporter: fedor.brunner | Owner: kstange
Type: defect | Status: new
Milestone: | Component: webpage
Version: | Resolution:
Keywords: HSTS |
---------------------------+----------------------
Description changed by fedor.brunner:
Old description:
> Hi,
> you have installed SSL certificates for pidgin.im and subdomains, but
> there still links for http://pidgin.im on pages and Wiki.
>
> Please enable
> [https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict
> Transport Security] for pidgin.im web services, this will force clients
> to use secure connections only.
>
> For lighttpd it can be done using:
> {{{
> server.modules += ( "mod_setenv" )
> $HTTP["scheme"] == "https" {
> setenv.add-response-header = ("Strict-Transport-Security" => "max-
> age=31536000; includeSubDomains")
> }
> }}}
New description:
Hi,
you have installed SSL certificates for pidgin.im and subdomains, but
there are still links for http://pidgin.im on pages and Wiki.
Please enable
[https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict
Transport Security] for pidgin.im web services, this will force clients to
use secure connections only.
For lighttpd it can be done using:
{{{
server.modules += ( "mod_setenv" )
$HTTP["scheme"] == "https" {
setenv.add-response-header = ("Strict-Transport-Security" => "max-
age=31536000; includeSubDomains")
}
}}}
--
--
Ticket URL: <https://developer.pidgin.im/ticket/16071#comment:1>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list