News/HTTPS enforcement at shared proxy

From Wikitech
Jump to navigation Jump to search

The web proxy service for Cloud VPS projects is enforcing TLS encryption by automatically redirecting from HTTP to HTTPS.

What is changing?

  • Requests to *.wmcloud.org and *.wmflabs.org hosts via the domain proxy service enforce TLS encryption
  • Strict-Transport-Security header added to TLS secured responses instructing user-agents to automatically upgrade http:// requests to https:// for the next 24 hours.

Timeline

  • Yes Done 2020-08-18: TLS enforced for GET and HEAD requests and Strict-Transport-Security header with one day duration sent to clients.
  • Yes Done 2021-02-02: TLS enforced for all requests and Strict-Transport-Security header with one year duration sent to clients.