mozilla / http-observatory

Mozilla HTTP Observatory
https://observatory.mozilla.org/
Mozilla Public License 2.0

hsts-preloaded not taken into account #456

Open mktl73 opened 2 years ago

mktl73 commented 2 years ago

I see in the scoring methodology that sites that are "Preloaded via the HTTP Strict Transport Security (HSTS) preloading process" get an additional 5 points. We have several domains that are preloaded, though we never get the +5 score.

Example: https://observatory.mozilla.org/analyze/www.skybrary.aero https://hstspreload.org/?domain=skybrary.aero

Is this me missing something, or is there an issue in the scoring? Thanks

GreyXor commented 2 years ago

Hello @mktl73,

The list of sites that are hsts-preloaded is a locally loaded file. It is a useful cache system, but it can cause the data to be out of date. I suspect that your problem is due to this list not having been updated on the back-end.

Hello @april, it seems to me that historically it is you who updates this file? Maybe you can update the list on your side? I can help you set up a process to update the list on a recurring basis, if needed :)
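An added example, not part of the thread and not the Observatory's own code: a lookup of a hostname against a local snapshot of the preload list that also flags when a miss may only reflect a stale copy. It assumes entries shaped like Chromium's preload list (`name`, `mode`, `include_subdomains`); the sample entries, the snapshot date and the 30-day freshness threshold are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of Chromium's preload list entries
# (assumed fields: name, mode, include_subdomains). Not real list data.
SNAPSHOT_JSON = """
{"entries": [
  {"name": "example.org", "mode": "force-https", "include_subdomains": true},
  {"name": "static.example.net", "mode": "force-https", "include_subdomains": false},
  {"name": "pins-only.example", "include_subdomains": true}
]}
"""
SNAPSHOT_DATE = date(2021, 1, 1)  # constructed: when the local copy was taken


def load_snapshot(text):
    """Index force-https entries as name -> include_subdomains flag."""
    return {e["name"]: bool(e.get("include_subdomains"))
            for e in json.loads(text)["entries"]
            if e.get("mode") == "force-https"}


def preload_match(hostname, snapshot):
    """Return the entry that covers hostname, or None.

    An exact match always counts; a parent entry counts only when it
    sets include_subdomains.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in snapshot and (i == 0 or snapshot[candidate]):
            return candidate
    return None


def check(hostname, snapshot, snapshot_date, today, max_age_days=30):
    """Report the match and whether a miss could be a stale-cache artifact.

    max_age_days is an assumed freshness threshold, not a project setting.
    """
    match = preload_match(hostname, snapshot)
    stale = (today - snapshot_date).days > max_age_days
    return {"host": hostname, "preloaded": match is not None,
            "matched_entry": match, "snapshot_stale": stale,
            "miss_unreliable": match is None and stale}
```

A result with `miss_unreliable` set means the host was not found but the snapshot is old enough that the live list should be consulted before concluding the domain is not preloaded.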

april commented 2 years ago

I submitted a PR to update the HSTS list, but the tests haven't been updated to work with GitHub actions:

https://github.com/mozilla/http-observatory/pull/457

So I'll let @gene1wood take a look at that and either merge or fix the tests first and then merge.

Thanks!

GreyXor commented 2 years ago

Thanks @april for the quick feedback!

mktl73 commented 2 years ago

Thanks @april and @GreyXor for the actions.

gene1wood commented 2 years ago

I've merged the PR, thank you for it, April.

> tests haven't been updated to work with GitHub actions

@april Is there an issue on this or if not can you share more detail on what needs to be done in regards to tests and GitHub Actions?

april commented 2 years ago

I don't think there's an issue on this. It should be relatively easy though - look at the travis.yml file and make that work in GA. Basically you run pip install and then nosetests and a linter. :)

gene1wood commented 2 years ago

@april I've opened #458 to switch to GitHub Actions, if you feel like taking a glance at it, I can merge it if it looks good.