#4991 add hsts header of id.fedoraproject.org
Closed: Fixed None Opened 8 years ago by till.

id.fedoraproject.org is not using an HSTS header after there were problems making .id.fedoraproject.org sslonly. As far as I understood, it should be possible to set an HSTS header for id.fedoraproject.org as long as there are no redirects to https for .id.fedoraproject.org. The attached patch should take care of this. Please review and apply it.


This needs includeSubDomains disabled because as discussed you can't make any assumptions about the relying parties' http client implementation.

Here is an updated patch.

Thank you, this has been merged and is live.
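
A check for the header value discussed in this ticket, as an added example that is not part of the ticket or its attached patch: it parses a `Strict-Transport-Security` value following RFC 6797 section 6.1 and reports whether the policy would extend to subdomains. The function names and the sample header values in the test are constructed for illustration.

```python
import re

# RFC 7230 token characters, used for directive names.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).

    Returns {lower-cased directive name: value or None}, or None when a
    conforming user agent would ignore the header (bad or missing max-age,
    duplicated directive, malformed name). Simplification: a quoted value
    containing ';' is not supported.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.fullmatch(name) or name in directives:
            return None
        if sep:
            val = val.strip()
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = val[1:-1]  # quoted-string form of the value
        else:
            val = None
        directives[name] = val
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None
    return directives


def check_host_only_policy(value):
    """Return findings for a host whose HSTS policy must not cover subdomains."""
    directives = parse_hsts(value)
    if directives is None:
        return ["invalid header: user agents ignore it, no HSTS policy is set"]
    findings = []
    if "includesubdomains" in directives:
        findings.append("includeSubDomains present: policy also covers subdomains")
    if int(directives["max-age"]) == 0:
        findings.append("max-age=0: user agents drop any stored HSTS policy")
    return findings
```

An empty list means the value sets an HSTS policy for the host itself only.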
