[wp-trac] [WordPress Trac] #28520: Mechanism for sending an HSTS header

WordPress Trac noreply at wordpress.org
Sun Jun 15 20:42:45 UTC 2014


#28520: Mechanism for sending an HSTS header
----------------------------+------------------
 Reporter:  johnbillion     |       Owner:
     Type:  task (blessed)  |      Status:  new
 Priority:  normal          |   Milestone:  4.0
Component:  Security        |     Version:
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+------------------

Comment (by tollmanz):

 I'm finding some flaws in the constant based method. Let's suppose that
 you run a subdomain MS installation. The constant method would set an HSTS
 header for each site, although it may only be intended for the primary
 domain or one of the other domains. Certainly, this can be filtered out at
 another level, but perhaps the constant is a bad way to get started on
 this issue.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28520#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list