Remove the custom HSTS Domain settings #10620

ericholscher opened this issue Aug 9, 2023 · 2 comments
ericholscher commented Aug 9, 2023

We currently have custom HSTS-specific settings in the Domain object. We should migrate these to the normal Header configuration that we have for all our other headers:

```python
# Strict-Transport-Security header options
# These are not exposed to users because it's easy to misconfigure things
# and hard to back out changes cleanly
hsts_max_age = models.PositiveIntegerField(
    default=0,
    help_text=_('Set a custom max-age (eg. 31536000) for the HSTS header')
)
hsts_include_subdomains = models.BooleanField(
    default=False,
    help_text=_('If hsts_max_age > 0, set the includeSubDomains flag with the HSTS header')
)
hsts_preload = models.BooleanField(
    default=False,
    help_text=_('If hsts_max_age > 0, set the preload flag with the HSTS header')
)
```

```python
class HTTPHeader(TimeStampedModel, models.Model):
    ...  # class body not shown in the issue
```

humitos added the labels Improvement (Minor improvement to code) and Accepted (Accepted issue on our roadmap) on Sep 15, 2023

humitos added this to the Refactoring milestone on Sep 15, 2023

akordata commented Mar 13, 2024

I will work on this!

isdanni commented Mar 14, 2024

@ericholscher can you show an example of what a normal header looks like? From #6953 it looks like HSTS related header config is added directly without changing anything.
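
An added illustration for the migration discussed in this issue (not code from the project or from any commenter): collapsing the three `hsts_*` fields into a single header value, plus a parser to check that the conversion round-trips. It assumes the generic header configuration can hold a header as a name and a value string; the function names `hsts_fields_to_header` and `parse_hsts_value` are hypothetical.

```python
from typing import Optional, Tuple

HSTS_HEADER = "Strict-Transport-Security"


def hsts_fields_to_header(max_age: int, include_subdomains: bool = False,
                          preload: bool = False) -> Optional[Tuple[str, str]]:
    """Collapse the three Domain fields into one (name, value) pair.

    Returns None when max_age is 0: per the help text, the flags only
    apply "if hsts_max_age > 0", so the default state emits no header.
    """
    if max_age < 0:
        raise ValueError("max-age must be non-negative")
    if max_age == 0:
        return None
    directives = [f"max-age={max_age}"]
    if include_subdomains:
        directives.append("includeSubDomains")
    if preload:
        directives.append("preload")
    return HSTS_HEADER, "; ".join(directives)


def parse_hsts_value(value: str) -> dict:
    """Parse a header value back into the three settings (round-trip check)."""
    result = {"max_age": 0, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        token = part.strip()
        if not token:
            continue
        # Directive names are case-insensitive; max-age may be quoted.
        key, _, arg = token.partition("=")
        key = key.strip().lower()
        if key == "max-age":
            result["max_age"] = int(arg.strip().strip('"'))
        elif key == "includesubdomains":
            result["include_subdomains"] = True
        elif key == "preload":
            result["preload"] = True
    return result
```

A domain with `hsts_include_subdomains` or `hsts_preload` set but `hsts_max_age` left at 0 produces no header row, which is worth checking for in existing data before the old fields are dropped.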
