Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incorrect calculation for "Enforces HTTPS" #207

Open
mpreissner opened this issue Nov 8, 2019 · 3 comments
Open

Incorrect calculation for "Enforces HTTPS" #207

mpreissner opened this issue Nov 8, 2019 · 3 comments

Comments

@mpreissner
Copy link

🐛 Bug Report

A clear and concise description of what the bug is.

To Reproduce

Steps to reproduce the behavior:

Install pshtt on CentOS 7.7.
Run test against desired site with known Valid HTTPS and Defaults to HTTPS

Expected behavior

A given site returns "Valid HTTPS=True" and "Defaults to HTTPS=True", so "Domain Enforces HTTPS" should be True.

I support a federal agency...according to what's been published, pshtt is supposed to calculate "Domain Enforces HTTPS" based on (Domain Supports HTTPS=True AND (Defaults to HTTPS=True OR (Strictly Forces HTTPS=True AND Redirect=True))). If this logic is correct, then any domain with Valid HTTPS=True and Defaults to HTTPS=True should return True for Domain Enforces HTTPS, regardless of the values for Strictly Forces HTTPS and Redirect.

Test site was "list.ahrq.gov".

Any helpful log output

Paste the results here:

@DOS-cyber
Copy link

DOS-cyber commented Nov 8, 2019 via email

@mpreissner
Copy link
Author

Thanks Neil. If we simply get rid of the www 4th level domain, will that make the calculation come up as desired?

@echudow
Copy link
Collaborator

echudow commented Nov 8, 2019

You're right, the documentation should be updated. #192 updated the logic for Domain Enforces HTTPS to also require Strictly Forces HTTPS to be True.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants