Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test HTTP Strict Transport Security header #164

Merged
merged 1 commit into from
Sep 25, 2023
Merged

Test HTTP Strict Transport Security header #164

merged 1 commit into from
Sep 25, 2023

Conversation

gthvn1
Copy link
Contributor

@gthvn1 gthvn1 commented Aug 29, 2023

By default the HSTS header is not added by XAPI server. This test checks that it is the case and it also tests that once the HSTS is enabled it is added by the server. It is enabled by setting add_hsts_response_header to true in XAPI conf.

@gthvn1
Test HTTP Strict Transport Security header
5edb517 
By default the HSTS header is not added by XAPI server. This test checks
that it is the case and it also tests that once the HSTS is enabled it is
added by the server. It is enabled by setting add_hsts_response_header
to true in XAPI conf.

Signed-off-by: Guillaume <[email protected]>
@gthvn1 gthvn1 mentioned this pull request Aug 29, 2023
Closed
@gthvn1
Copy link
Contributor Author

gthvn1 commented Sep 12, 2023

We still need to backport the HSTS that has been merged upstream xen-api PR 5069 to be able to run this test. Or wait an update of our xapi to a more recent xen-api.

@gthvn1
Copy link
Contributor Author

gthvn1 commented Sep 12, 2023

@benjamreis & @stormi I added you as reviewers because I closed the previous PR #152 by deleting branch on my repo. But there is nothing new. Sorry for the spam...

@stormi
Copy link
Member

stormi commented Sep 25, 2023

XAPI was updated to 23.24.0, so this test can be merged now.

@stormi stormi merged commit 2346148 into master Sep 25, 2023
4 checks passed
@stormi stormi deleted the gtn-test-hsts branch September 25, 2023 10:57
@stormi
Copy link
Member

stormi commented Sep 25, 2023

Merging was a mistake: the test was never adapted after the merge of the upstream PR, 3 months ago. The configuration key the fixture needs to define is hsts_max_age.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benjamreis benjamreis benjamreis approved these changes

@stormi stormi Awaiting requested review from stormi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gthvn1 @stormi @benjamreis