Details
- Suggestion
- Resolution: Done
Description
Please provide support to utilize HSTS headers directly from Bitbucket's container Tomcat/Spring Boot.
The HSTS is an IETF draft standard being developed by Google. It has a number of existing supported browsers like Firefox 4 and Chrome (though I note both these are unsupported browsers). http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
A sample HTTP configuration is here and the HTTPS would involve the same "Header Always set" directive in the Apache HTTPS virtual host (though strictly "Always" isn't required except on HTTP):
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
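
A check for the header value that such a proxy or container configuration ends up sending, as an added example (not part of the original issue and not Atlassian code). It applies the RFC 6797 parsing rules; the function name `parse_hsts` and all sample values are constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directives are ';'-separated, names are
# case-insensitive, a value is a token or a quoted-string, and each
# directive may appear only once.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_hsts(value, scheme="https"):
    """Return (policy, problems) for one Strict-Transport-Security value.

    policy is None when a conforming browser would ignore the header.
    Simplification: a ';' inside a quoted-string is not supported.
    """
    if scheme != "https":
        # Browsers ignore the header when it arrives over plain HTTP.
        return None, ["header received over plain HTTP is ignored"]
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ';') are allowed
        name, eq, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not _TOKEN.fullmatch(name):
            return None, ["malformed directive: %r" % part]
        if not eq:
            val = None  # valueless directive such as includeSubDomains
        elif len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="600"
        elif not _TOKEN.fullmatch(val):
            return None, ["malformed directive: %r" % part]
        if name in seen:
            return None, ["duplicate directive: %s" % name]
        seen[name] = val
    max_age = seen.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        return None, ["max-age is required and must be a non-negative integer"]
    policy = {"max_age": int(max_age),
              "include_subdomains": "includesubdomains" in seen}
    problems = []
    if policy["max_age"] == 0:
        # max-age=0 tells the browser to stop treating the host as HSTS.
        problems.append("max-age=0 removes the HSTS policy")
    return policy, problems
```

Feed it the header value and scheme observed on a response from the deployed instance; a `None` policy means browsers will not enforce HSTS for that response.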