Update HSTS preloading recommendation in hardening section of the admin manual #4779

Closed
lgarron opened this issue May 10, 2017 · 3 comments · Fixed by nextcloud/documentation#462
Labels
3. to review Waiting for reviews bug

Comments

@lgarron

lgarron commented May 10, 2017

An article on your site contains a recommended HSTS header value that includes preload in the only example: https://docs.nextcloud.com/server/9/admin_manual/configuration_server/harden_server.html

This is going to shoot developers in the foot, and also doesn't guarantee preloading unless someone submits the site to hstspreload.org separately. See https://hstspreload.org/#opt-in (and chromium/hstspreload.org#68).
Could you update your guide to remove it, or list two examples, the second of which explains preloading and links to hstspreload.org?

(I tried pinging at https://twitter.com/Nextclouders/status/805161033975398400 and emailing the contact address on your site, but that hasn't resulted in a response over the last 6 months.)
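The distinction raised in this comment, as an added example that is not part of the original issue or of Nextcloud's documentation: a small auditor that parses a `Strict-Transport-Security` value and reports whether it carries the `preload` token. The function names and the sample header values are constructed for illustration.

```python
import re


def parse_hsts(value):
    """Split a Strict-Transport-Security value into lower-cased directives."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = raw.strip().strip('"')  # value may be quoted
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age is required and must be a non-negative integer")
    return directives


def audit_hsts(value):
    """Summarise the policy and flag a preload token for review."""
    d = parse_hsts(value)
    findings = []
    if "preload" in d:
        findings.append(
            "preload token present: this signals opt-in to browser preload "
            "lists, but the site is only preloaded after a separate "
            "submission to hstspreload.org"
        )
    return {
        "max_age": int(d["max-age"]),
        "include_subdomains": "includesubdomains" in d,
        "preload": "preload" in d,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample values: a plain policy and one carrying preload.
    for header in (
        "max-age=15552000; includeSubDomains",
        "max-age=31536000; includeSubDomains; preload",
    ):
        print(header, "->", audit_hsts(header))
```
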

@MorrisJobke
Member

Ummm ... @LukasReschke didn't we talk about this yesterday?

@lgarron sorry for the unresponsiveness

@MorrisJobke MorrisJobke added this to the Nextcloud 12.0 milestone May 10, 2017
@MorrisJobke
Member

@MariusBluem Do you want to update the documentation for this?

@MorrisJobke
Member

Fix is in nextcloud/documentation#462
