hsts-preloaded not taken into account #456
Comments
|
Hello @mktl73, The list of sites that are hsts-preloaded is locally loaded file. It is a useful cache system but it can cause the data to be out of date. I suspect that your problem is due to this list has not been updated on the back-end. Hello @april , It seems to me that historically it is you who updates this file ? Maybe you can update the list on your side ? I can help you set up a process to update the list on a recurring basis, if needed :) |
|
I submitted a PR to update the HSTS list, but the tests haven't been updated to work with GitHub actions: So I'll let @gene1wood take a look at that and either merge or fix the tests first and then merge. Thanks! |
|
Thanks @april for the quick feedback! |
|
I've merged the PR, thank you for it April
@april Is there an issue on this or if not can you share more detail on what needs to be done in regards to tests and GitHub Actions? |
|
I don't think there's an issue on this. It should be relatively easy though - look at the travis.yml file and make that work in GA. Basically you run pip install and then nosetests and a linter. :) |
I see in the scoring methodology that sites that are "Preloaded via the HTTP Strict Transport Security (HSTS) preloading process" get an additional 5 points. We have several domains that are preloaded though we never get the +5 score
Example:
https://observatory.mozilla.org/analyze/www.skybrary.aero
https://hstspreload.org/?domain=skybrary.aero
Is this me missing something or is there an issue in the scoring.
Thanks
The text was updated successfully, but these errors were encountered: