[tor-bugs] #10424 [Tor Sysadmin Team]: torproject.org doesn't send an HSTS header
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 23 23:44:47 UTC 2013
#10424: torproject.org doesn't send an HSTS header
-----------------------------------+----------------------
Reporter: zyan | Owner:
Type: defect | Status: reopened
Priority: major | Milestone:
Component: Tor Sysadmin Team | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------------+----------------------
Changes (by zyan):
* status: closed => reopened
* resolution: not a bug =>
Comment:
Why not send HSTS headers for both? Since torproject.org is in the
Chrome/Chromium HSTS preload list [1], Chrome/Chromium already behaves as
if torproject.org were sending HSTS headers. There's no reason to have
lower security levels for Firefox users.
http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10424#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list