diff --git a/testssl.sh b/testssl.sh
index 99cc71b..a0d5578 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2724,6 +2724,7 @@ run_hsts() {
# strict parsing now as suggested in #2381
hsts_age_sec="${HEADERVALUE#*=}"
hsts_age_sec=${hsts_age_sec%%;*}
+ hsts_age_sec=$(strip_trailing_space "$hsts_age_sec")
if [[ $hsts_age_sec =~ \" ]]; then
# remove first an last " in $hsts_age_sec (borrowed from strip_trailing_space/strip_leading_space):
hsts_age_sec=$(printf "%s" "${hsts_age_sec#"${hsts_age_sec%%[!\"]*}"}")
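Review bot: the added `strip_trailing_space` call only trims whitespace left in front of the `;`, and it runs before the quote handling, so two related cases are still not normalised: whitespace directly after the `=` (left in place by `${HEADERVALUE#*=}`) and whitespace inside a quoted value, which is still present once the quotes are removed. The comment in the context below already names `strip_leading_space`, so consider applying both helpers to `hsts_age_sec`, and repeating the trim after the quotes are stripped, so that the value is bare digits by the time it is evaluated. The "strict parsing now as suggested in #2381" comment above the hunk would also benefit from a short remark that whitespace around the value is tolerated on purpose, since the new line relaxes what that comment describes.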
I am running version
A site that returns an HSTS header with spaces between directives gets reported as a misconfigured HSTS header.
e.g.
Expected Behaviour
The header above is valid as per RFC6797, and should have passed the test.
Additional Context
Debug log shows:
The following patch should fix the issue: