[OmniOS-discuss] Wiki is slightly broken
contact at jacobvosmaer.nl
Mon Apr 25 18:55:14 UTC 2016
It seems like I accidentally took this thread off-list. I think the summary
for everyone else is: HSTS on omniti.com accidentally trickled down to
omnios.omniti.com, affecting visitors who loaded up omnios.omniti.com at
just the right (wrong) time. HSTS headers should have been fixed now.
2016-04-25 20:46 GMT+02:00 Eric Sproul <eric.sproul at circonus.com>:
> Hi Jacob,
> The OmniTI folks did roll out HSTS recently, but (as I'm sure many
> others have) quickly realized that including all subdomains wasn't
> feasible. They now no longer set that for omniti.com, and have set
> the max-age parameter to 1 second. I'm not sure how you go about
> clearing the HSTS info from your browser, but if you do that, you
> should be good.
> On Mon, Apr 25, 2016 at 10:35 AM, Eric Sproul <eric.sproul at circonus.com>
> > On Mon, Apr 25, 2016 at 10:26 AM, Jacob Vosmaer <contact at jacobvosmaer.nl>
> >> Thanks Eric.
> >> I am not using HTTPS Everywhere. According to
> >> omnios.omniti.com my Chrome thinks omnios.omniti.com wants 'Strict
> >> Security'.
> >> static_sts_domain: omniti.com
> >> static_upgrade_mode: STRICT
> >> static_sts_include_subdomains: true
> >> static_sts_observed: 1461128400
> >> That timestamp is about five days ago. Could it be that OmniTI
> >> deployed HSTS and I got unlucky?
> > Interesting... I'll ask my OmniTI colleagues.
> > Eric
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OmniOS-discuss