Page MenuHomePhabricator
Create Task
Maniphest T285589

Add WMCS domains to HSTS preload list
Open, LowPublic
Actions

Description

We should add the WMCS domains, toolforge.org, wmcloud.org and wmflabs.org to the HSTS preload list: https://hstspreload.org/

To be eligible, we need to add the includeSubDomains and preload directives to the HSTS header.

All 3 domains are on the publicsuffix list, so the web form doesn't work and someone will need to manually contact them, see https://hstspreload.org/#tld

Event Timeline

Legoktm created this task.Jun 26 2021, 7:43 AM
Restricted Application edited projects, added cloud-services-team (Kanban); removed cloud-services-team. · View Herald TranscriptJun 26 2021, 7:43 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
nskaggs subscribed.Aug 10 2021, 9:57 PM

Are there any subdomains we anticipate we might not want or be able to support HTTPS on?

nskaggs triaged this task as Low priority.Aug 10 2021, 9:57 PM
taavi subscribed.Oct 9 2021, 4:46 PM

We have at least checker.tools.wmflabs.org that does not currently support HTTPS, although I imagine it should be trivial to add if necessary. wmflabs.org and wmcloud.org likely contain other similar cases not managed by us, but adding HSTS for at least Toolforge.org does make sense.

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:51 PM
fnegri moved this task from Kanban to Inbox on the cloud-services-team board.
taavi edited projects, added Cloud-VPS, Toolforge; removed Cloud-Services.Feb 7 2023, 9:26 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL