internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl

Add request URI in redirect of platforminternet[standaarden].nl #1109

Closed bwbroersma closed 9 months ago

bwbroersma commented 1 year ago

Add request URI in redirect of platforminternet[standaarden].nl, so .well-known/security.txt redirects correctly:

$ curl -sSfLD- -o /dev/null \
-A 'Mozilla/5.0 (compatible; HumanWithCurl/0.1; +https://github.com/internetstandards/Internet.nl/issues/1109)' \
 'https://platforminternet.nl/.well-known/security.txt'

Currently resolves in:

HTTP/2 301 
date: Sat, 14 Oct 2023 11:10:46 GMT
server: Apache
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=36817200
content-security-policy: default-src 'self'
location: https://internet.nl/
content-length: 298
content-type: text/html; charset=iso-8859-1

HTTP/2 200 
date: Sat, 14 Oct 2023 11:10:46 GMT
server: intentionally-undisclosed-internetnl-139sj2W9kB8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-clacks-overhead: GNU Terry Pratchett
strict-transport-security: max-age=36817200
content-type: text/html; charset=utf-8
content-security-policy: base-uri 'self' *.internet.nl; frame-ancestors 'none'; default-src 'self' *.internet.nl; form-action 'self' *.internet.nl
content-length: 11474

bwbroersma commented 9 months ago

$ curl -sSfLD- -o /dev/null \
-A 'Mozilla/5.0 (compatible; HumanWithCurl/0.1; +https://github.com/internetstandards/Internet.nl/issues/1109)' \
 'https://platforminternet.nl/.well-known/security.txt'

Now is okay:

HTTP/2 301 
server: nginx
date: Tue, 09 Jan 2024 17:33:08 GMT
content-type: text/html
content-length: 162
location: https://internet.nl/.well-known/security.txt
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-clacks-overhead: GNU Terry Pratchett
referrer-policy: same-origin
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000;
content-security-policy: default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'

HTTP/2 200 
server: nginx
date: Tue, 09 Jan 2024 17:33:08 GMT
content-type: text/plain
content-length: 2190
last-modified: Wed, 13 Dec 2023 14:20:28 GMT
etag: "6579bdac-88e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-clacks-overhead: GNU Terry Pratchett
referrer-policy: same-origin
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000;
accept-ranges: bytes

Fixed in the mega-merge https://github.com/internetstandards/Internet.nl/commit/21baea392039ede54257f729cf951d6d6e129199, nginx line involved: https://github.com/internetstandards/Internet.nl/blob/8d5bfa2780d497b5fbcde64046e7ad49c9a0dc49/docker/webserver/nginx_templates/app.conf.template#L146
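
A regression check for the redirect behaviour reported in this issue, as an added example that is not part of the issue thread or the Internet.nl code base: it reads a `curl -D-` header dump and fails when any redirect hop drops the request path or the final response is not a 200 served as `text/plain` (the content type RFC 9116 requires for security.txt). The function names are hypothetical, and the two sample dumps are abbreviated from the captures above.

```shell
#!/bin/sh
# Added example. check_wellknown_chain, before_capture and after_capture are
# hypothetical names. Input: a `curl -sSLD- -o /dev/null URL` header dump on stdin.
check_wellknown_chain() {   # $1 = request path that every hop must preserve
    awk -v want="$1" '
        { sub(/\r$/, "") }                          # curl keeps CRLF line endings
        /^HTTP\// { status = $2; ctype = ""; next } # a new response starts here
        tolower($1) == "location:" {
            path = $2
            sub("^https?://[^/]*", "", path)        # drop scheme and host
            sub("[?#].*$", "", path)                # drop query and fragment
            if (path == "") path = "/"
            if (path != want) { print "redirect drops request path: " $2; bad = 1 }
        }
        tolower($1) == "content-type:" { ctype = tolower($2) }
        END {
            if (status != 200) { print "final status: " status; bad = 1 }
            # RFC 9116 requires security.txt to be served as text/plain
            if (ctype !~ /^text\/plain/) { print "final content-type: " ctype; bad = 1 }
            exit bad + 0
        }'
}

before_capture() {  # abbreviated from the 14 Oct 2023 capture on this page
    printf '%s\r\n' 'HTTP/2 301 ' 'location: https://internet.nl/' \
        'content-type: text/html; charset=iso-8859-1' '' \
        'HTTP/2 200 ' 'content-type: text/html; charset=utf-8' ''
}

after_capture() {   # abbreviated from the 09 Jan 2024 capture on this page
    printf '%s\r\n' 'HTTP/2 301 ' 'content-type: text/html' \
        'location: https://internet.nl/.well-known/security.txt' '' \
        'HTTP/2 200 ' 'content-type: text/plain' ''
}

for capture in before_capture after_capture; do
    if "$capture" | check_wellknown_chain /.well-known/security.txt; then
        echo "$capture: ok"
    else
        echo "$capture: FAIL"
    fi
done
```

Against a live host, pipe the curl command from the issue into `check_wellknown_chain /.well-known/security.txt` instead of a sample function.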