forces_https sometimes null #532
Comments
After looking at our code and at the code for pshtt, it's my opinion that there are not three legitimate states. The non-boolean state occurs when the insecure version of the domain ( I recommend we treat
That makes sense to me, thanks. Indeed looking at the scan results with Would you mind filing an upstream issue with
Here, `pshtt` sometimes returns `None` in the case where the landing page domain's non-HTTPS responses are not redirects. We consider this a failure of our forces-http test, so we want to ensure those cases are converted to `False` before being saved. Test added with a VCR recording of a domain that exhibited the quirk of having `None` in `pshtt_results['Strictly Forces HTTPS']`. Refs #532
I've created cisagov/pshtt#176 to track this on their end.
If you look at http://securedrop.org/media/documents/scanresults.csv, you will note that the forces_https column is sometimes neither `True` nor `False`. What scan result does this third state represent? If there are legitimately three states, we have to change the field to non-Boolean, otherwise we should resolve to either `True` or `False`.
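The fail-closed conversion described in the commit message above, together with a check for the third state in exported results, as an added example that is not the project's own code. The function names, the `domain` column and the `True`/`False` string encoding in the CSV are assumptions; only the `Strictly Forces HTTPS` key and the `forces_https` column come from the thread.

```python
import csv
import io

PSHTT_KEY = "Strictly Forces HTTPS"  # key named in the commit message above


def normalize_forces_https(pshtt_results):
    """Collapse pshtt's tri-state value to a strict bool, failing closed."""
    value = pshtt_results.get(PSHTT_KEY)
    if value is None:
        # pshtt gave no verdict (e.g. plain-HTTP responses that are not
        # redirects): record it as "does not force HTTPS".
        return False
    if isinstance(value, bool):
        return value
    # Anything else is unexpected; refuse to guess rather than store it.
    raise TypeError(f"unexpected {PSHTT_KEY!r} value: {value!r}")


def audit_forces_https(csv_text, column="forces_https"):
    """Return the domains whose stored value is neither True nor False."""
    bad = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[column] not in ("True", "False"):
            bad.append(row["domain"])  # "domain" column is an assumption
    return bad


# Constructed sample rows, not taken from the real scanresults.csv.
SAMPLE_CSV = """domain,forces_https
a.example,True
b.example,
c.example,False
d.example,None
"""

if __name__ == "__main__":
    print(normalize_forces_https({PSHTT_KEY: None}))
    print(audit_forces_https(SAMPLE_CSV))
```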