It seems there are no HSTS headers for openoffice.org. There should also be redirects to HTTPS.

Note that this is kind of important because (within months) executable downloads will be forbidden over HTTP. It actually should have happened with Chrome 85, but I believe it was delayed due to COVID (as was TLS 1.0 deprecation).

curl -s -D - "http://openoffice.org/" -o nul
HTTP/1.1 302 Found
Date: Sun, 15 Nov 2020 14:00:20 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: http://www.openoffice.org/
Content-Length: 210
Content-Type: text/html; charset=iso-8859-1

This should be:
Location: https://www.openoffice.org/


This should also redirect with 302 instead of 200.
curl -s -D - "http://www.openoffice.org/" -o nul
HTTP/1.1 200 OK
Date: Sun, 15 Nov 2020 14:00:34 GMT
Server: Apache/2.4.18 (Ubuntu)
Accept-Ranges: bytes
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html

And once that is done, "https://www.openoffice.org/" should return:
Strict-Transport-Security: max-age=2592000; includeSubDomains

I assume that using the sub-domains variant is OK, because there is a wildcard certificate.

And after all that, the grade on the SSL Labs test should be upgraded to A+ 🙂

Cheers,
Nux.
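
Added example, not part of the original message: a small Python checker that applies the three checks described above (HTTP must redirect, the redirect target must be HTTPS, the HTTPS response must carry HSTS) to saved `curl -s -D -` header dumps. The function names are hypothetical; the first two sample dumps are trimmed from the output quoted in the message and the third is constructed.

```python
import re

REDIRECTS = (301, 302, 303, 307, 308)

def parse_response(raw):
    """Split a `curl -s -D -` header dump into (status, {lowercased name: value})."""
    lines = [l for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def parse_hsts(value):
    """Return (max_age or None, include_subdomains) from an HSTS header value."""
    max_age, subdomains = None, False
    for directive in value.split(";"):
        directive = directive.strip()
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', directive, re.I)
        if m:
            max_age = int(m.group(1))
        elif directive.lower() == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def audit(url, raw):
    """List the problems with one response that was fetched from `url`."""
    status, headers = parse_response(raw)
    findings = []
    if url.lower().startswith("http://"):
        location = headers.get("location", "")
        if status not in REDIRECTS:
            findings.append("HTTP request answered with %d, no redirect" % status)
        elif not location.lower().startswith("https://"):
            findings.append("redirect stays on HTTP: " + location)
    else:
        hsts = headers.get("strict-transport-security")
        max_age = parse_hsts(hsts)[0] if hsts else None
        if hsts is None:
            findings.append("no Strict-Transport-Security header")
        elif not max_age:
            findings.append("HSTS max-age missing or zero")
    return findings

# Header dumps: the first two are trimmed from the message above, the third is constructed.
APEX = "HTTP/1.1 302 Found\nServer: Apache/2.4.18 (Ubuntu)\nLocation: http://www.openoffice.org/\n"
WWW = "HTTP/1.1 200 OK\nServer: Apache/2.4.18 (Ubuntu)\nContent-Type: text/html\n"
FIXED = "HTTP/1.1 200 OK\nStrict-Transport-Security: max-age=2592000; includeSubDomains\n"
```

An empty list from `audit()` means the response passes; run it once per hop of the redirect chain, since the apex and `www` hosts answer differently.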

