New issue
Advanced search Search tips

Issue 595660 link

Starred by 3 users

Issue metadata

Status: Archived
Owner: ----
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Remove Subdomains from HSTS List

Reported by laura.ku...@googlemail.com, Mar 17 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36

Example URL:
all not-https subdomains of apiomat.com

Steps to reproduce the problem:
1. open an subdomain of apiomat.com
2. forwards automatically to https - NET::ERR_CERT_COMMON_NAME_INVALID
3. site can not be accessed

What is the expected behavior?
Only include the main domain apiomat.com to the HSTS preloded List but none of the subdomains.

What went wrong?
I set the preload HSTS header to our website's htaccess on 30th november 2015 as follows:

Header set Strict-Transport-Security "max-age=10886400; includeSubDomains=false; preload" env=HTTPS

I set includeSubdomains option to false because not all our subdomains are secured with https.
Now, after a long time, suddenly our subdomains are no longer reachable anymore. Could you make sure, that this option will be deleted from the preload list?

Thank you a lot!

Does it occur on multiple sites: Yes

Is it a problem with a plugin? No 

Did this work before? Yes till about 1 week ago.

Does this work in other browsers? Yes 

Chrome version: 49.0.2623.87  Channel: stable
OS Version: 10.0
Flash Version: Shockwave Flash 21.0 r0
 
Components: -Blink Internals>Network
Components: -Internals>Network Internals>Network>SSL
NET::ERR_CERT_COMMON_NAME_INVALID sounds like a certificate error, change to  Internals>Network>SSL.
Project Member

Comment 3 by sheriffbot@chromium.org, Mar 20 2017

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment