Redirect from libravatar.org to https://libravatar.org first

Bug #1355383 reported by François Marier on 2014-08-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Libravatar
Medium
Unassigned

Bug Description

As suggested in https://garron.net/crypto/hsts/hsts-2013.pdf, once bug 1355378 is fixed, we should change the top-level redirect to:

  http://libravatar.org -> https://libravatar.org -> https://www.libravatar.org

to ensure that the redirecting browser will pick up the HSTS settings for the bare domain before hitting the front page.
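
The ordering requirement described above can be checked mechanically. The following is an added example, not part of the original report or of Libravatar's code: it inspects a recorded redirect chain and reports whether the bare domain's HSTS policy is delivered over HTTPS before the browser is sent on to another host. The function names and the sample chains are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def header(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")

def hsts_max_age(headers):
    """max-age of a Strict-Transport-Security header, or 0 if missing/unparsable."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', header(headers, "Strict-Transport-Security"), re.I)
    return int(m.group(1)) if m else 0

def check_chain(hops):
    """hops: [(url, status, headers), ...] in the order the browser follows them.
    Returns a list of problems; empty means the bare domain's HSTS policy is
    delivered over HTTPS before the browser is sent to another host."""
    first = urlsplit(hops[0][0])
    if first.scheme != "http":
        return ["chain must start at the plain-HTTP URL"]
    bare, problems = first.hostname, []
    target = urlsplit(header(hops[0][2], "Location"))
    if (target.scheme, target.hostname) != ("https", bare):
        problems.append(f"http://{bare} does not redirect to https://{bare} first")
    # Browsers ignore HSTS sent over plain HTTP, so only HTTPS hops count.
    policy = [hsts_max_age(h) for url, _, h in hops
              if urlsplit(url).scheme == "https" and urlsplit(url).hostname == bare]
    if not any(age > 0 for age in policy):
        problems.append(f"no HSTS policy received from https://{bare}")
    return problems

# Constructed sample chains (not captured traffic).
HSTS = {"Strict-Transport-Security": "max-age=15768000"}
GOOD = [
    ("http://libravatar.org/", 301, {"Location": "https://libravatar.org/"}),
    ("https://libravatar.org/", 301, {"Location": "https://www.libravatar.org/", **HSTS}),
    ("https://www.libravatar.org/", 200, {}),
]
BAD = [  # jumps straight to www, so the bare domain never sets its policy
    ("http://libravatar.org/", 301, {"Location": "https://www.libravatar.org/"}),
    ("https://www.libravatar.org/", 200, {}),
]

if __name__ == "__main__":
    for name, chain in (("good", GOOD), ("bad", BAD)):
        print(name, check_chain(chain) or "ok")
```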

François Marier (fmarier) wrote :

This will require adding a new "base domain" debconf question.

François Marier (fmarier) wrote :

This is what I tested on production:

+<VirtualHost *:80>
+ ServerName libravatar.org
+ ServerAdmin <email address hidden>
+ Redirect permanent / https://libravatar.org/
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName libravatar.org
+ ServerAdmin <email address hidden>
+ Header always add Strict-Transport-Security: "max-age=15768000"
+ Redirect permanent / https://www.libravatar.org/
+</VirtualHost>
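
Review bot: On the Strict-Transport-Security line in the *:443 vhost, "Header always add" appends to whatever is already there, so if the same header is also set at a wider scope or in an included file the 301 can go out with two copies of it; "Header always set" replaces instead and is the safer form. Keep the "always" condition, since this vhost only ever answers with the redirect. The policy also has no includeSubDomains, so as written it covers libravatar.org alone; a short comment saying whether that is intended would help the next reader.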

Changed in libravatar:
assignee: François Marier (fmarier) → nobody