Support (HTTP) Strict Transport Security (HSTS) and Force HTTPS

Registered by Alex Harrington

http://www.grc.com/securitynow.htm#262
http://www.w3.org/Security/wiki/Strict_Transport_Security
http://en.wikipedia.org/wiki/Strict_Transport_Security
http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html#syntax
for background.

Add two flags to the settings table: one that forces HTTP-based requests to be redirected to their HTTPS equivalents, and one that adds the STS header to responses so that users' browsers will not connect to the Xibo console over HTTP or when the SSL certificate is invalid. Also add an option to the DB for the TTL of the STS header.
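A sketch of how the two flags and the TTL could drive each response. This is an added example, not Xibo's code: the setting names (`force_https`, `issue_sts`, `sts_ttl`, `canonical_host`) and the function name are hypothetical, and it assumes TLS terminates on the PHP host so that `$_SERVER['HTTPS']` is reliable.

```php
<?php
// Added example, not Xibo's implementation. Setting names are hypothetical.

/**
 * Decide the transport-security part of one response.
 * Returns ['status' => int|null, 'headers' => string[]]; the caller applies it
 * with http_response_code() / header() and stops if a status is set.
 */
function transportSecurityResponse(array $settings, array $server): array
{
    $isHttps = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';

    if (!$isHttps) {
        // Flag 1: redirect plain-HTTP requests to the HTTPS equivalent.
        if (empty($settings['force_https'])) {
            return ['status' => null, 'headers' => []];
        }
        // Use the configured host name, not the client-supplied Host header,
        // so the redirect target cannot be steered by the request.
        $target = 'https://' . $settings['canonical_host'] . ($server['REQUEST_URI'] ?? '/');
        return ['status' => 301, 'headers' => ['Location: ' . $target]];
    }

    // Flag 2: the STS header goes on HTTPS responses only; browsers ignore it
    // when it arrives over plain HTTP.
    if (!empty($settings['issue_sts'])) {
        $ttl = max(0, (int) $settings['sts_ttl']); // TTL in seconds, never negative
        return ['status' => null, 'headers' => ['Strict-Transport-Security: max-age=' . $ttl]];
    }

    return ['status' => null, 'headers' => []];
}

// Constructed sample settings and requests (not taken from a real installation).
$settings = ['force_https' => 1, 'issue_sts' => 1, 'sts_ttl' => 600,
             'canonical_host' => 'cms.example.org'];
$requests = [
    ['REQUEST_URI' => '/index.php?p=dashboard'],                  // plain HTTP
    ['HTTPS' => 'on', 'REQUEST_URI' => '/index.php?p=dashboard'], // HTTPS
];

foreach ($requests as $server) {
    $r = transportSecurityResponse($settings, $server);
    echo ($r['status'] ?? 200), ' ', implode('; ', $r['headers']), "\n";
}
```

A short TTL while the HTTPS setup is being tested limits how long browsers will refuse HTTP if the certificate or listener later breaks.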

Blueprint information

Status: Complete
Approver: None
Priority: Medium
Drafter: Alex Harrington
Direction: Approved
Assignee: Dan Garner
Definition: Discussion
Series goal: Accepted for 1.7
Implementation: Implemented
Milestone target: 1.7.0-beta
Started by: Dan Garner
Completed by: Dan Garner
