id.fedoraproject.org is not using an HSTS header after there were problems making .id.fedoraproject.org sslonly. As far as I understood, it should be possible to set an HSTS header for id.fedoraproject.org as long as there are no redirects to https for .id.fedoraproject.org. The attached patch should take care of this. Please review and apply it.
This needs includeSubDomains disabled because, as discussed, you can't make any assumptions about the relying parties' http client implementation.
attachment 0001-Enable-HSTS-for-id.fedoraproject.org-again.patch
Here is an updated patch.
Thank you, this has been merged and is live.
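What leaving out includeSubDomains changes for a client, as an added example that is not part of the ticket or the attached patch: a simplified RFC 6797 header parser and a scope check. The max-age value and the subdomain label are constructed, since the patch's actual values are not shown here.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    header is invalid and a conforming client would ignore it.
    Simplification: a ';' inside a quoted-string is not handled.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed by the grammar
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # each directive may appear only once
        seen[name] = arg.strip().strip('"')  # value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is required and must be a number of seconds
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def covers(policy_host, policy, request_host):
    """True if a client holding `policy` for policy_host upgrades request_host."""
    if policy is None or policy["max_age"] == 0:
        return False  # ignored header, or max-age=0, which removes the policy
    policy_host, request_host = policy_host.lower(), request_host.lower()
    if request_host == policy_host:
        return True
    return policy["include_subdomains"] and request_host.endswith("." + policy_host)

# Constructed sample values, not taken from the patch.
HOST = "id.fedoraproject.org"
SUBDOMAIN = "example-user.id.fedoraproject.org"
HOST_ONLY = "max-age=31536000"
WITH_SUBDOMAINS = "max-age=31536000; includeSubDomains"

if __name__ == "__main__":
    for header in (HOST_ONLY, WITH_SUBDOMAINS):
        policy = parse_hsts(header)
        for name in (HOST, SUBDOMAIN):
            print(f"{header!r:40} {name:36} upgraded={covers(HOST, policy, name)}")
```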