Open mktl73 opened 2 years ago
Hello @mktl73,
The list of sites that are hsts-preloaded is locally loaded file. It is a useful cache system but it can cause the data to be out of date. I suspect that your problem is due to this list has not been updated on the back-end.
Hello @april , It seems to me that historically it is you who updates this file ? Maybe you can update the list on your side ? I can help you set up a process to update the list on a recurring basis, if needed :)
I submitted a PR to update the HSTS list, but the tests haven't been updated to work with GitHub actions:
https://github.com/mozilla/http-observatory/pull/457
So I'll let @gene1wood take a look at that and either merge or fix the tests first and then merge.
Thanks!
Thanks @april for the quick feedback!
Thanks @april and @GreyXor for the actions.
I've merged the PR, thank you for it April
tests haven't been updated to work with GitHub actions
@april Is there an issue on this or if not can you share more detail on what needs to be done in regards to tests and GitHub Actions?
I don't think there's an issue on this. It should be relatively easy though - look at the travis.yml file and make that work in GA. Basically you run pip install and then nosetests and a linter. :)
@april I've opened #458 to switch to GitHub Actions, if you feel like taking a glance at it, I can merge it if it looks good.
I see in the scoring methodology that sites that are "Preloaded via the HTTP Strict Transport Security (HSTS) preloading process" get an additional 5 points. We have several domains that are preloaded though we never get the +5 score
Example: https://observatory.mozilla.org/analyze/www.skybrary.aero https://hstspreload.org/?domain=skybrary.aero
Is this me missing something or is there an issue in the scoring. Thanks