Mahara

Allow override of the HSTS setting if being set downstream

Bug #1875750 reported by Robert Lyon on 2020-04-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Wishlist	Unassigned	Mahara 20.10.0

To avoid the Strict-Transport-Security header being set twice

Tags:

Robert Lyon (robertl-9) on 2020-04-28

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-04-28: A patch has been submitted for review

Robert Lyon (robertl-9) on 2020-04-28

Changed in mahara:
milestone:	20.04rc2 → 20.10.0

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2020-05-20: A change has been merged

commit 23301cfe58e4272c63ff42bdf4428baedc866a41
Author: Robert Lyon <email address hidden>
Date: Wed Apr 29 08:36:00 2020 +1200

Bug 1875750: Allow for HSTS override setting

In case the site already sets this value at the webserver level or
some other point downstream

Change-Id: I128d3b7f2b52bee330e91e66e6e066c3c7532578
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2020-05-20

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2020-05-24:

If NGinx sets HSTS headers as well, then you can turn the setting off in Mahara:

To verify things are working you should see in the headers
strict-transport-security: max-age=15768000

and not
strict-transport-security: max-age=63072000
strict-transport-security: max-age=15768000

Cecilia Vela Gurovic (ceciliavg) on 2020-07-13

tags:

added: newfeature
removed: nominatedfeature

Robert Lyon (robertl-9) on 2020-10-22

Changed in mahara:
status:	Fix Committed → Fix Released

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.