New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 353013 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Mar 2014
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security



Sign in to add a comment

Security: admin.google.com should have HSTS preloaded

Project Member Reported by palmer@chromium.org, Mar 16 2014

Issue description

It's currently OPPORTUNISTIC, but shouldn't it be upgrade-always? It's used to e.g. manage Cloud Policy for fleets of mobile devices running Chrome.
 

Comment 1 by palmer@chromium.org, Mar 18 2014

Cc: joaodasilva@chromium.org

Comment 2 by rsesek@chromium.org, Mar 19 2014

Labels: Security_Severity-Medium Security_Impact-Stable Security_Impact-Beta

Comment 3 by palmer@chromium.org, Mar 20 2014

Owner: joaodasilva@chromium.org
Status: Started
Status: Fixed
Project Member

Comment 6 by ClusterFuzz, Mar 24 2014

Labels: -Restrict-View-SecurityTeam M-33 Merge-Triage Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Chris, do you think this should be merged to 33 and 34?

Comment 8 by palmer@chromium.org, Mar 26 2014

Labels: -Merge-Triage Merge-Requested
I have a feeling there are no more merges going into 33. But 34, yes. It should be a nice clean merge and makes good sense. Thanks!

Comment 9 by dxie@chromium.org, Mar 27 2014

Labels: -Merge-Requested Merge-Approved
Project Member

Comment 10 by bugdroid1@chromium.org, Mar 28 2014

Labels: -Merge-Approved merge-merged-1847
------------------------------------------------------------------
r260097 | joaodasilva@chromium.org | 2014-03-28T09:19:23.865441Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1847/src/net/http/transport_security_state_static.h?r1=260097&r2=260096&pathrev=260097
   M http://src.chromium.org/viewvc/chrome/branches/1847/src/net/http/transport_security_state_static.json?r1=260097&r2=260096&pathrev=260097

Merge 258907 "Require HTTPS for admin.google.com."

> Require HTTPS for admin.google.com.
> 
> BUG= 353013 
> R=agl@chromium.org, palmer@chromium.org
> 
> Review URL: https://codereview.chromium.org/206063006

TBR=joaodasilva@chromium.org

Review URL: https://codereview.chromium.org/216663003
-----------------------------------------------------------------
Labels: -M-33 Release-0-M34
Cc: engedy@chromium.org
Project Member

Comment 13 by ClusterFuzz, Jun 30 2014

Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Project Member

Comment 14 by ClusterFuzz, Feb 2 2016

Labels: -Security_Impact-Beta
Project Member

Comment 15 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 16 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic

Sign in to add a comment