Feedback How do we provide feedback and suggestions to existing resources?

Discussion in 'Support & Feedback' started by Death Kitten, Feb 20, 2016.

Thread Status:
Not open for further replies.
  1. Death Kitten
    Kickass

    Death Kitten Teenage Mutant Ninja Turtle Game Owner

    I just saw the resource posted on how to redirect users to https automagically, but based upon reading I did when setting it up on my own site, I read that one should set the HTTP Strict Transport Security header, as it causes the connection to remember it's supposed to be secure every time. For my own site, I did that in combination with the rewrite rules suggested in the posted resource to get my users on the secure connection the first time to trigger the header.

    For more information on the HSTS, here's the wiki entry: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

    I would also be happy to share my resulting .htaccess file if that would be of use.
     
  2. Shriker
    Magical

    Shriker Shadowlack Owner RPGfix Admin Patron Game Owner

    Usually you can just comment on the discussion thread for that particular resource. :) I actually think it's a great idea to teach people about HSTS, but it was a little out of scope (but super relevant) for my initial "how to."

    I think if I were to write something about HSTS, I'd also include a few extra things like the X-Frame-Options header (prevent embedding in a frame or iframe) and also maybe about the gravity/benefit of submitting to Chrome's HSTS preload list (be really sure that plain HTTP with no SSL is dead before enabling). I think in my mind all of that is a step two, and could be written in a continuation guide.
     
  3. Death Kitten
    Kickass

    Death Kitten Teenage Mutant Ninja Turtle Game Owner

    I was looking at the resource, and it said that I didn't have sufficient permission to comment?
     
  4. Shriker
    Magical

    Shriker Shadowlack Owner RPGfix Admin Patron Game Owner

    Strange, because I think it's set to default permissions. I'll take a look at it. Anyway, thank you for the feedback! :)

    Edit: @USS Joshua Norton Appears to be fixed now!
     
Loading...
Thread Status:
Not open for further replies.