  1. Bitbucket Server
  2. BSERV-11137

HSTS Support for Bitbucket Server


    Details

    • Type: Suggestion
    • Status: Gathering Interest
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • UIS:
      55
    • Feedback Policy:
      We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      Please provide support to utilize HSTS headers directly from Bitbucket's container Tomcat/Spring Boot.

      HSTS is an IETF draft standard being developed by Google. It has a number of existing supported browsers like Firefox 4 and Chrome (though I note both these are unsupported browsers). http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

      A sample HTTP configuration is here, and the HTTPS would involve the same "Header Always set" directive in the Apache HTTPS virtual host (though strictly "Always" isn't required except on HTTP):
      https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
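
      An added example, not part of the original request and not Atlassian code: a Python check that an operator of a proxy in front of Bitbucket could run over response headers to confirm the HSTS policy is valid under RFC 6797. The function names, the one-year `min_age` threshold and the sample headers are assumptions.

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 token characters

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.

    Returns (max_age_seconds, include_subdomains); raises ValueError if invalid.
    Simplification: a ';' inside a quoted-string value is not supported.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives such as a trailing ';'
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name {name!r}")
        if name in seen:
            raise ValueError(f"duplicate directive {name!r}")
        seen[name] = arg.strip().strip('"') if sep else None
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        raise ValueError("max-age is required and must be a number of seconds")
    return int(age), "includesubdomains" in seen

def check_response(scheme, headers, min_age=31536000):
    """Return findings for one response; headers is a list of (name, value).

    min_age (one year) is an assumed policy threshold, not an RFC requirement.
    """
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # RFC 6797 section 8.1: user agents ignore the header on plain HTTP.
        return ["header on http response is ignored by browsers"] if values else []
    if not values:
        return ["https response has no Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append("multiple headers: browsers process only the first")
    try:
        max_age, _subdomains = parse_hsts(values[0])
    except ValueError as exc:
        return findings + [f"invalid header: {exc}"]
    if max_age == 0:
        findings.append("max-age=0 tells browsers to drop the policy")
    elif max_age < min_age:
        findings.append(f"max-age {max_age} is below the {min_age}s threshold")
    return findings

# Constructed sample responses (not captured from a real Bitbucket instance).
GOOD = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
SHORT = [("strict-transport-security", "max-age=300")]
```

      An empty list from `check_response` means the response carries a usable policy; each string in a non-empty list names one problem to fix in the proxy or container configuration.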


            People

            Assignee:
            Unassigned
            Reporter:
            miwalker Michael Walker
            Votes:
            13
            Watchers:
            24
