bugs.webkit.org should use Strict-Transport-Security
Created attachment 98062
Patch
Comment on attachment 98062
Patch

My Apache is somewhat rusty, so patch is somewhat of a guess.
SGTM.
What about ;includeSubDomains (or however it is spelled)
It defends against some additional faults in corner cases.

Does this cover the attachment origins too? (e.g. https://bug-63097-attachments.webkit.org/)
> What about ;includeSubDomains (or however it is spelled)
> It defends against some additional faults in corner cases.

Looks like bugzilla only uses host cookies, so we probably don't need this. (It's not useful for integrity unless we can get all of webkit.org, which seems unlikely.)

> Does this cover the attachment origins too? (e.g. https://bug-63097-attachments.webkit.org/)

I believe so, but wms would know better than I.
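The scope question raised in the comments above, as an added example that is not part of the patch or of any comment in this thread: a sketch of how a browser following RFC 6797 parses the header and decides which hosts a stored policy applies to. The names `parse_hsts` and `covers` are hypothetical and the `max-age` values are constructed, since the thread does not show the header the patch sets.

```python
# Added example (not from the patch): RFC 6797 header parsing and host matching.
from dataclasses import dataclass


@dataclass(frozen=True)
class HstsPolicy:
    host: str                 # host that sent the header over HTTPS
    max_age: int              # seconds; 0 means "forget this host"
    include_subdomains: bool


def parse_hsts(host, header):
    """Parse a Strict-Transport-Security value; None means the header is ignored."""
    max_age, include_sub, seen = None, False, set()
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()           # directive names are case-insensitive
        if not name:
            continue
        if name in seen:                      # a directive may appear only once
            return None
        seen.add(name)
        if name == "max-age":
            value = value.strip().strip('"')
            if not (value.isascii() and value.isdigit()):
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            if value:                         # valueless directive; a value is treated as malformed
                return None
            include_sub = True
        # unrecognized directives are skipped
    if max_age is None:                       # max-age is required
        return None
    return HstsPolicy(host.lower().rstrip("."), max_age, include_sub)


def covers(policy, request_host):
    """True if a browser holding `policy` would upgrade request_host to HTTPS."""
    if policy is None or policy.max_age == 0:
        return False
    h = request_host.lower().rstrip(".")
    if h == policy.host:
        return True
    return policy.include_subdomains and h.endswith("." + policy.host)


# Constructed header values; the thread does not show the ones the patch sets.
BUGS = parse_hsts("bugs.webkit.org", "max-age=31536000")
BUGS_SUB = parse_hsts("bugs.webkit.org", "max-age=31536000; includeSubDomains")
APEX_SUB = parse_hsts("webkit.org", "max-age=31536000; includeSubDomains")
ATTACH = "bug-63097-attachments.webkit.org"
```

Under these matching rules a policy stored for `bugs.webkit.org` never reaches a sibling host such as `ATTACH`, with or without `includeSubDomains`; that host is covered only if it sends the header on its own responses or if `webkit.org` itself sets `includeSubDomains`.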
Comment on attachment 98062
Patch

Clearing flags on attachment: 98062

Committed r89399: <http://trac.webkit.org/changeset/89399>
All reviewed patches have been landed. Closing bug.