[Rack] forcing our hands w/ TLS by setting includeSubdomains on noisebridge.net HSTS

Patrick O'Doherty p at trickod.com
Fri Apr 8 17:56:35 UTC 2016


hey folks,

Since the GA of LetsEncrypt I've wanted to make it a pattern that all
noisebridge services operate over TLS.

It occurred to me this morning that we could theoretically force our own
hands with this by setting the includeSubdomains flag on the HSTS header
on noisebridge.net, meaning that any service that we run on a subdomain
*must* run over HTTPS. [0]

I know there are a few subdomains like lists.noisebridge.net which would
need to be upgraded immediately, but I can take care of that.

Is there any good reason *not* to do this?

p

[0] - https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

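As an added illustration (not code from the post or from noisebridge's infrastructure), here is the client-side logic the proposal relies on: how a browser stores a Strict-Transport-Security policy and decides, following RFC 6797, that a subdomain such as lists.noisebridge.net must be fetched over HTTPS once noisebridge.net asserts includeSubDomains. The header value and the in-memory store are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool

def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value (RFC 6797 s6.1); None if malformed."""
    max_age, include_subdomains = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name == "max-age":
            value = value.strip().strip('"')
            if not re.fullmatch(r"\d+", value):
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
    return None if max_age is None else HstsPolicy(max_age, include_subdomains)

def remember(store: Dict[str, HstsPolicy], host: str, header: str) -> None:
    """Update a client's HSTS store from a header received over HTTPS;
    max-age=0 tells the client to forget the host."""
    policy = parse_hsts(header)
    if policy is None:
        return
    if policy.max_age == 0:
        store.pop(host.lower(), None)
    else:
        store[host.lower()] = policy

def must_use_https(store: Dict[str, HstsPolicy], host: str) -> bool:
    """Is host a 'known HSTS host' (RFC 6797 s8.2)?  True on an exact match,
    or when an ancestor domain's policy asserts includeSubDomains."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        policy = store.get(".".join(labels[i:]))
        if policy is not None and (i == 0 or policy.include_subdomains):
            return True
    return False

STORE: Dict[str, HstsPolicy] = {}
# Constructed header: what noisebridge.net would send after the proposed change.
remember(STORE, "noisebridge.net", "max-age=31536000; includeSubDomains")
```

Because the superdomain walk matches at any depth, every label below noisebridge.net is covered, which is why the post says services like lists.noisebridge.net have to be on TLS before the header goes out.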