aeris22’s Twitter Archive—№ 76,411

  1. …in reply to @unixf0x
    @unixf0x No HSTS, even on the login:
    curl -IL cphnet.cph.be/
    HTTP/1.1 302 Found
    Location: cphnet.cph.be/Private/V4/login.asp
    Content-Type: text/html; charset=iso-8859-1
    HTTP/1.1 405 Method Not Allowed
    Allow:
    Content-Type: text/html; charset=iso-8859-1
    1. …in reply to @aeris22
      @unixf0x Classic HSTS config mistake… It is active *only* on 2xx/3xx. 4xx/5xx are ignored…
      1. …in reply to @aeris22
        @unixf0x
        $ curl -sI cphnet.cph.be/Private/V4/login.asp | rg "^(Strict-Transport-Security|HTTP/)"
        HTTP/1.1 405 Method Not Allowed
        $ curl -si https://t.co/SNYU9YqBa3 | rg "^(Strict-Transport-Security|HTTP/)"
        HTTP/1.1 200 OK
        Strict-Transport-Security: max-age=31536000Transport-Security
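
Added example, not part of the thread or written by its author: a shell filter that reads a `curl -sIL` header dump and reports, for each response in the redirect chain, whether `Strict-Transport-Security` was sent, so a header that is only emitted on some status codes stands out. The function names and the sample dump (host `example.test`) are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.
# Usage against a live site:  curl -sIL https://example.test/ | hsts_gaps
# (curl -I sends HEAD; use `curl -si` to check the GET response instead.)

# Print one line per HTTP response found on stdin:
#   "<status> no-hsts"   or   "<status> hsts max-age=<seconds>"
hsts_audit() {
  awk '
    function emit() {
      if (status != "") print status, (hsts ? "hsts max-age=" age : "no-hsts")
    }
    { sub(/\r$/, "") }                       # strip CR from CRLF line ends
    /^HTTP\// { emit(); status = $2; hsts = 0; age = ""; next }
    tolower($0) ~ /^strict-transport-security:/ {
      hsts = 1
      v = tolower($0)
      if (match(v, /max-age="?[0-9]+/)) {
        age = substr(v, RSTART, RLENGTH)
        sub(/^max-age="?/, "", age)
      }
      next
    }
    END { emit() }
  '
}

# Print only the responses with no effective HSTS policy (header missing,
# max-age absent, or max-age=0, which clears the policy). Exit 1 if any.
hsts_gaps() {
  hsts_audit | awk '
    $2 == "no-hsts" || $3 == "max-age=" || $3 == "max-age=0" { print; bad = 1 }
    END { exit bad + 0 }
  '
}

# Constructed header dump with the same shape as the thread's output:
# a redirect and an error page without the header, a 200 with it.
sample_dump() {
  printf 'HTTP/1.1 302 Found\r\nLocation: https://example.test/login\r\n\r\n'
  printf 'HTTP/1.1 405 Method Not Allowed\r\nContent-Type: text/html\r\n\r\n'
  printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n'
}

sample_dump | hsts_audit
```
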