Support (HTTP) Strict Transport Security (HSTS) and Force HTTPS
Registered by
Alex Harrington
http://
http://
http://
http://
for background.
Add two flags in the settings table, one that forces HTTP based requests to be redirected to HTTPS equivalents and one that adds in the STS to the response headers so that users browsers will not connect to the Xibo console if the SSL certificate is invalid or over HTTP. Also add an option for the TTL of the STS header to the DB.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Medium
- Drafter:
- Alex Harrington
- Direction:
- Approved
- Assignee:
- Dan Garner
- Definition:
- Discussion
- Series goal:
- Accepted for 1.7
- Implementation:
- Implemented
- Milestone target:
- 1.7.0-beta
- Started by
- Dan Garner
- Completed by
- Dan Garner
Related branches
Related bugs
Sprints
Whiteboard
(?)