-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hsts-preloaded not taken into account #456
Comments
Hello @mktl73, The list of sites that are hsts-preloaded is locally loaded file. It is a useful cache system but it can cause the data to be out of date. I suspect that your problem is due to this list has not been updated on the back-end. Hello @april , It seems to me that historically it is you who updates this file ? Maybe you can update the list on your side ? I can help you set up a process to update the list on a recurring basis, if needed :) |
I submitted a PR to update the HSTS list, but the tests haven't been updated to work with GitHub actions: So I'll let @gene1wood take a look at that and either merge or fix the tests first and then merge. Thanks! |
Thanks @april for the quick feedback! |
I've merged the PR, thank you for it April
@april Is there an issue on this or if not can you share more detail on what needs to be done in regards to tests and GitHub Actions? |
I don't think there's an issue on this. It should be relatively easy though - look at the travis.yml file and make that work in GA. Basically you run pip install and then nosetests and a linter. :) |
I see in the scoring methodology that sites that are "Preloaded via the HTTP Strict Transport Security (HSTS) preloading process" get an additional 5 points. We have several domains that are preloaded though we never get the +5 score
Example:
https://observatory.mozilla.org/analyze/www.skybrary.aero
https://hstspreload.org/?domain=skybrary.aero
Is this me missing something or is there an issue in the scoring.
Thanks
The text was updated successfully, but these errors were encountered: