Planet
navi homePPSaboutscreenshotsdownloaddevelopmentforum

Opened 8 years ago

Closed 8 years ago

#488 closed defect (fixed)

svn.orxonox.net redirects HTTP to HTTPS

Reported by: landauf Owned by:
Priority: critical Milestone: IT: Server Maintenance
Component: IT Version:
Keywords: Cc:
Referenced By: References:

Description

In general it seems to be possible to access http://svn.orxonox.net/ (i.e. without HTTPS and without login) but once the Webbrowser has accessed https://svn.orxonox.net/ (i.e. with HTTPS and login) all subsequent calls to HTTP are forwarded to HTTPS.

It might be due to the "improved" SSL-Settings (see #475) which include HSTS (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) but this is just a wild guess.

Change History (1)

comment:1 Changed 8 years ago by landauf

  • Resolution set to fixed
  • Status changed from new to closed

It was in fact HSTS.

It is now disabled on svn.orxonox.net by adding this line to /etc/apache2/sites-available/svn.orxonox_secure.conf:

Header always set Strict-Transport-Security "max-age=0"
Note: See TracTickets for help on using tickets.