search

laurentj / slimerjs

A scriptable browser like PhantomJS, based on Firefox
http://slimerjs.org
Other
3k stars 259 forks source link

HSTS preload SlimerJS.org #404

Open graingert opened 8 years ago

graingert commented 8 years ago

In your nginx/etc server config can you add:

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

This will prevent TLS downgrades when browsing slimerjs.org

graingert commented 8 years ago

@laurentj you should also 301 http://(www\.)?slimerjs\.org/ to https://slimerjs.org/

graingert commented 8 years ago

@laurentj currently I rely on HTTPS everywhere to ensure I have the correct package.

laurentj commented 7 years ago

it has been added since months :-)

graingert commented 7 years ago

Can you reopen until the bugs are fixed: https://hstspreload.org/?domain=slimerjs.org

On 12 Apr 2017 08:46, "Laurent Jouanneau" notifications@github.com wrote:

it has been added since months :-)

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/laurentj/slimerjs/issues/404#issuecomment-293500405, or mute the thread https://github.com/notifications/unsubscribe-auth/AAZQTBfJMkOe5DybYnYvxTFVMjxhxA8Gks5rvIFlgaJpZM4GmT-t .