  1. Bitbucket Data Center
  2. BSERV-11137

HSTS Support for Bitbucket Server


Details

    • 38
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Please provide support to utilize HSTS headers directly from Bitbucket's container Tomcat/Spring Boot.

      HSTS is an IETF draft standard being developed by Google. It has a number of existing supported browsers like Firefox 4 and Chrome (though I note both these are unsupported browsers). http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

      A sample HTTP configuration is here and the HTTPS would involve the same "Header Always set" directive in the Apache HTTPS virtual host (though strictly "Always" isn't required except on HTTP):
      https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
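
The reverse-proxy setup the description refers to, sketched as an added example (not taken from the issue or from Atlassian documentation). The hostname, certificate paths and the backend address `localhost:7990` are assumed placeholders.

```apache
# Added example: Apache httpd terminating TLS in front of Bitbucket.
# Needs mod_ssl, mod_headers, mod_proxy and mod_proxy_http enabled.
# bitbucket.example.com, the certificate paths and localhost:7990 are
# placeholders (assumptions), not values from the issue.

<VirtualHost *:80>
    ServerName bitbucket.example.com
    # Browsers ignore Strict-Transport-Security received over plain HTTP
    # (RFC 6797, section 8.1), so this vhost only redirects to HTTPS.
    Redirect permanent / https://bitbucket.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName bitbucket.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/bitbucket.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/bitbucket.example.com.key

    # "always" also covers error responses and responses generated by
    # httpd itself, not only successful proxied ones.
    # Append "; includeSubDomains" only if every subdomain serves HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000"

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://localhost:7990/
    ProxyPassReverse / http://localhost:7990/
</VirtualHost>
```

To verify, request the HTTPS URL and confirm the `Strict-Transport-Security` header appears on both a normal page and an error page such as a 404.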


            People

              behumphreys Ben Humphreys
              miwalker Michael Walker
              Votes: 42
              Watchers: 58
