HTTPS enabled for remaining OpenJDK subdomains
mark.reinhold at oracle.com
mark.reinhold at oracle.com
Tue Sep 25 17:10:43 UTC 2018
2018/9/25 9:02:35 -0700, Sergey Ponomarev <stokito at gmail.com>:
> I made small test:
>
> cr.openjdk.java.net
> Redirect from HTTP to HTTPS: no, this can be definetely made
> Upgrade-Insecure-Requests: ignored
> HSTS - none
> SCP: yes, but may be more strict. Use SCP Evaluator
> <https://chrome.google.com/webstore/detail/csp-evaluator/fjohamlofnakbnbfjkohkbdigoodcejf>
> to debug.
>
> ...
Thanks -- we’re aware of all of these issues. As I said, we’ll
configure such redirects and policies after we test unforced HTTPS
for a couple of weeks.
- Mark
More information about the discuss
mailing list