Hi Mike, We are in the process in deploying the hsts/https config from www-test to our production servers. However, we got a snatch that wasn't detected during our tests: the latest released firefox (40.0.3) doesn't seem to apply the hsts rule before checking for mixed-content warning. Today we had a news item with an absolute HTTP link to an image and this revelead it. Firefox will also complain if there are absolute http links to CSS files. There is already a report for this issue and it is still open: https://bugzilla.mozilla.org/show_bug.cgi?id=838395 In view of this, if there is no immediate solution we could apply, we're going to have to roll-back the deployment and wait until it is fixed. Any suggestions before we do this will be welcome. Thanks, -jose On Mon, Sep 14, 2015 at 03:02:21PM +0200, Mike West wrote: > > Ping. :) How have the tests been going over the last ~2 months? Any update > on this work?Received on Monday, 21 September 2015 10:29:07 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:51 UTC