[jira] [Updated] (SHIRO-740) SslFilter with HTTP Strict Transport Security (HSTS)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (SHIRO-740) SslFilter with HTTP Strict Transport Security (HSTS)

Benjamin Marwell (Jira)

     [ https://issues.apache.org/jira/browse/SHIRO-740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers updated SHIRO-740:
-------------------------------
    Fix Version/s:     (was: 1.6.1)

> SslFilter with HTTP Strict Transport Security (HSTS)
> ----------------------------------------------------
>
>                 Key: SHIRO-740
>                 URL: https://issues.apache.org/jira/browse/SHIRO-740
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Francois Papon
>            Assignee: Francois Papon
>            Priority: Minor
>             Fix For: 2.0.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> HTTP Strict Transport Security (HSTS) would be a nice addition for all the SSL only sites out there. I think in recent years more and more pages have gone full SSL, with good reasons to do so. It is a bit problematic with SslFilter since this one is path based. If you go HSTS then everything on the site uses https. This might break thinks if you have a path with ssl and one without. You can do that with shiro but not with HSTS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)