Update git submodules
* Update puppet-graphite from branch 'master' - Merge "Enable RFC 6797 HSTS signaling" - OpenDev Migration Patch This commit was bulk generated and pushed by the OpenDev sysadmins as a part of the Git hosting and code review systems migration detailed in these mailing list posts: http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html Attempts have been made to correct repository namespaces and hostnames based on simple pattern matching, but it's possible some were updated incorrectly or missed entirely. Please reach out to us via the contact information listed at https://opendev.org/ with any questions you may have. - Enable RFC 6797 HSTS signaling The HTTP Strict Transport Security (HSTS) mechanism defined in IETF RFC 6797 allows us to indicate to clients that the site to which they are connecting should only every be reached over an encrypted HTTPS connection, in an effort to thwart protocol downgrade attacks which could convince a client to fall back to plaintext HTTP. Set such a policy header for the SSL vhost, valid for one year, and indicate that this policy also applies to any subdomains of the hostname with which the site is served (even though it's unlikely that there would ever be any in this case, this is useful for consistency with inclusion in other vhost templates in the future). While HSTS policy can't prevent downgrade attacks the very first time a client connects to this site, thereafter their browser would be wary of connecting over plain HTTP for subsequent connections for a full year. Change-Id: If5c2f3b70e7f7646bf6168e8942aee0ecb7c2ec8
This commit is contained in:
parent
d56e6a60e7
commit
753107fe7c
|
@ -1 +1 @@
|
|||
Subproject commit 8a0e111327d5d2e0e387edcfe4493ddac9d63c70
|
||||
Subproject commit 7ee0c28e0cb738b3a02b48b447e3d3221089554e
|
Loading…
Reference in New Issue