Redirect from libravatar.org to https://libravatar.org first

Bug #1355383 reported by François Marier
Affects: Libravatar (obsolete)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned
Milestone:

Bug Description

As suggested in https://garron.net/crypto/hsts/hsts-2013.pdf, once bug 1355378 is fixed, we should change the top-level redirect to:

  http://libravatar.org -> https://libravatar.org -> https://www.libravatar.org

to ensure that the redirecting browser will pick up the HSTS settings for the bare domain before hitting the front page.

Tags: hsts
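
The redirect ordering described in the report, as an added example that is not part of the original report or of the Libravatar code: a Python check that walks a recorded redirect chain and flags any plain-HTTP hop that does not first upgrade to HTTPS on the same host and receive an HSTS policy there. The chains are constructed sample data, and `hsts_max_age` and `audit_chain` are hypothetical names.

```python
from urllib.parse import urlsplit

# Constructed sample chains (not captured traffic): (URL, status, headers).
GOOD_CHAIN = [
    ("http://libravatar.org/", 301, {"Location": "https://libravatar.org/"}),
    ("https://libravatar.org/", 301, {
        "Location": "https://www.libravatar.org/",
        "Strict-Transport-Security": "max-age=15768000"}),
    ("https://www.libravatar.org/", 200, {}),
]
# HTTP jumps straight to www, so the bare domain never delivers HSTS.
BAD_CHAIN = [
    ("http://libravatar.org/", 301, {"Location": "https://www.libravatar.org/"}),
    ("https://www.libravatar.org/", 200, {}),
]


def hsts_max_age(headers):
    """Return max-age from a Strict-Transport-Security header, or None."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdigit():
            return int(arg)
    return None


def audit_chain(chain):
    """Return findings for a redirect chain; an empty list means it is sound."""
    findings = []
    for i, (url, _status, headers) in enumerate(chain):
        here = urlsplit(url)
        if here.scheme != "http":
            continue
        # Browsers ignore HSTS sent over plain HTTP, so the HTTP hop must
        # first upgrade to HTTPS on the same host.
        target = headers.get("Location", "")
        nxt = urlsplit(target)
        if nxt.scheme != "https" or nxt.hostname != here.hostname:
            findings.append(f"{here.hostname}: no same-host HTTPS redirect")
            continue
        # That HTTPS response must carry a non-zero max-age (0 clears HSTS).
        follow = chain[i + 1] if i + 1 < len(chain) else None
        if not follow or follow[0] != target or not hsts_max_age(follow[2]):
            findings.append(f"{here.hostname}: HTTPS hop sets no HSTS policy")
    return findings
```

`audit_chain(GOOD_CHAIN)` returns an empty list, while `audit_chain(BAD_CHAIN)` reports the bare domain because its first hop leaves the host before any HSTS header can be seen over HTTPS.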
François Marier (fmarier) wrote :

This will require adding a new "base domain" debconf question.

François Marier (fmarier) wrote :

This is what I tested on production:

+<VirtualHost *:80>
+ ServerName libravatar.org
+ ServerAdmin <email address hidden>
+ Redirect permanent / https://libravatar.org/
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName libravatar.org
+ ServerAdmin <email address hidden>
+ Header always add Strict-Transport-Security: "max-age=15768000"
+ Redirect permanent / https://www.libravatar.org/
+</VirtualHost>
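
Review bot: In the *:443 vhost, `Header always add Strict-Transport-Security: "max-age=15768000"` uses `add`, which appends a second header if another directive in scope already emits one; `Header always set Strict-Transport-Security "max-age=15768000"` keeps the response to a single policy. The policy carries no includeSubDomains, so it covers only the bare libravatar.org host and www.libravatar.org has to send its own header; a comment saying whether that is deliberate would help. Both vhosts also hard-code libravatar.org, while the earlier comment says this needs a new "base domain" debconf question, so the ServerName and both Redirect targets should come from that value before this is packaged.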

Changed in libravatar:
assignee: François Marier (fmarier) → nobody