Last modified: 2014-11-10 15:47:12 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T37079, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 35079 - Send Strict-Transport-Security header


Summary:	Send Strict-Transport-Security header

Status:	NEW

Product:	MediaWiki
Classification:	Unclassified
Component:	General/Unknown (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Low enhancement (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:	38516
Blocks:
	Show dependency tree / graph

Reported:	2012-03-09 09:47 UTC by Danny B.
Modified:	2014-11-10 15:47 UTC (History)
CC List:	1 user (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Danny B. 2012-03-09 09:47:35 UTC

[[HTTP Strict Transport Security]] header should be sent by MediaWiki.

Comment 1 Sam Reed (reedy) 2012-03-10 02:54:21 UTC

This will seemingly also require some server side configuration for it to be enabled on WMF projects

Comment 2 Andre Klapper 2013-03-13 11:18:51 UTC

(In reply to comment #1)
> will also require some server side configuration on WMF projects

Covered in bug 38516

Comment 3 Seb35 2014-11-10 15:47:12 UTC

The extension HSTS https://www.mediawiki.org/wiki/Extension:HSTS does exactly this (adding STS header) with some possibility to customise it per user, by means of BetaFeature if it is installed or a classical preference else.

Does it answer to the bug, or should it stay open to discuss about adding HSTS in MediaWiki core? (for the Wikimedia sites, see bug 38516.)

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links