fix(mc-html-template): add preload and includeSubDomains to header #2242

Merged: 2 commits merged on Jun 4, 2021

@tdeekens tdeekens commented Jun 4, 2021

Summary

This adds the preload and includeSubDomains attributes to the Strict-Transport-Security header.

Description

Using hstspreload.org it is advised to preload (not part of the spec) and add the includeSubDomains attributes. More about HSTS here.

I don't see a strict reason against adding those.


vercel bot commented Jun 4, 2021

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/commercetools/merchant-center-application-kit/6jowUrSE79mNEDGmkBSLEaxc3ykS
✅ Preview: https://merchant-cente-git-strict-transport-security-commer-16af17.vercel.app


changeset-bot bot commented Jun 4, 2021

🦋 Changeset detected

Latest commit: 1879af1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@commercetools-frontend/mc-html-template Patch
@commercetools-frontend/mc-scripts Patch


@tdeekens tdeekens requested a review from a team June 4, 2021 07:10
@vercel vercel bot temporarily deployed to Preview June 4, 2021 07:14 Inactive
tdeekens commented Jun 4, 2021

I was hesitant about the includeSubDomains directive. However, I checked and all subdomains under ct.com have HTTPS enabled so there shouldn't be any issues.

tdeekens commented Jun 4, 2021

Confirmed with SRE, using includeSubDomains is fine.

@tdeekens tdeekens merged commit dc99469 into main Jun 4, 2021
@tdeekens tdeekens deleted the strict-transport-security branch June 4, 2021 09:12
@ghost ghost mentioned this pull request Jun 4, 2021
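
Added example (not part of this pull request or the project's code): a check of a Strict-Transport-Security value against RFC 6797 syntax and the hstspreload.org submission requirements the description refers to. The function names `parseHsts` and `preloadProblems` are hypothetical and the sample header values are constructed; the one-year `max-age` minimum is the preload list's requirement, not a value taken from the template.

```javascript
// Added example: evaluate a Strict-Transport-Security value against RFC 6797
// syntax and the hstspreload.org submission requirements.
const PRELOAD_MIN_MAX_AGE = 31536000; // one year, the preload list minimum

function parseHsts(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const token = part.trim();
    if (token === '') continue; // RFC 6797 allows empty directives (";;")
    const eq = token.indexOf('=');
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    let arg = eq === -1 ? null : token.slice(eq + 1).trim();
    if (arg !== null && /^".*"$/.test(arg)) arg = arg.slice(1, -1); // quoted-string form
    // A directive that appears twice makes the whole header invalid.
    if (directives.has(name)) return { valid: false, reason: `duplicate ${name}` };
    directives.set(name, arg);
  }
  const rawAge = directives.get('max-age');
  if (rawAge == null || !/^\d+$/.test(rawAge)) {
    return { valid: false, reason: 'max-age missing or not a non-negative integer' };
  }
  return {
    valid: true,
    maxAge: Number(rawAge),
    includeSubDomains: directives.has('includesubdomains'),
    preload: directives.has('preload'),
  };
}

function preloadProblems(value) {
  const hsts = parseHsts(value);
  if (!hsts.valid) return [`invalid header: ${hsts.reason}`];
  const problems = [];
  if (hsts.maxAge < PRELOAD_MIN_MAX_AGE) problems.push('max-age below 31536000');
  if (!hsts.includeSubDomains) problems.push('includeSubDomains missing');
  if (!hsts.preload) problems.push('preload missing');
  return problems;
}

// Constructed sample values, not taken from the project's template.
const samples = [
  'max-age=31536000',
  'max-age=31536000; includeSubDomains; preload',
  'max-age="63072000" ; INCLUDESUBDOMAINS ; preload',
  'max-age=300; includeSubDomains; preload',
];
for (const s of samples) console.log(JSON.stringify(s), '->', preloadProblems(s));
```

An empty result means the header meets the preload list's header requirements; it does not verify that every subdomain actually serves HTTPS, which is the check discussed in the comments above.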