Details

    • Type: Feature Request
    • Status: Contributed Solution
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Liferay Contributor's Agreement:
      Accept

      Description

      HSTS (HTTP Strict Transport Security) is implemented by the server sending a specific header over HTTPS, indicating that the server would prefer all future requests to go through HTTPS, never through HTTP.

      Compliant browsers will then never again (within the timespan specified in the header) contact the server through HTTP, and will automatically rewrite HTTP URLs pointing to it as HTTPS.

      This is also achievable through appropriate configuration of Apache or any other frontend webserver, but it would make a nice-to-configure addition, e.g. for Liferay's HeaderFilter, or a specific new filter.

      Example for such a header to specify "one year of https access":

      Strict-Transport-Security: max-age=31536000

      http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security#HSTS_Mechanism_Overview
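
      A sketch of what such a dedicated filter could look like, added here as an example and not taken from the issue or from Liferay's code base. The class name HstsFilter and the init parameter maxAgeSeconds are hypothetical; only the standard javax.servlet API is used.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: class name and init-param name are assumptions, not Liferay's.
public class HstsFilter implements Filter {

    // Default matches the "one year" example header: max-age=31536000
    private static final long ONE_YEAR_SECONDS = 31536000L;
    private String headerValue;

    @Override
    public void init(FilterConfig config) throws ServletException {
        long maxAge = ONE_YEAR_SECONDS;
        String param = config.getInitParameter("maxAgeSeconds");
        if (param != null) {
            try {
                maxAge = Long.parseLong(param.trim());
            } catch (NumberFormatException e) {
                throw new ServletException("maxAgeSeconds must be an integer", e);
            }
            // max-age=0 is valid (it tells browsers to drop the policy); negatives are not.
            if (maxAge < 0) {
                throw new ServletException("maxAgeSeconds must not be negative");
            }
        }
        headerValue = "max-age=" + maxAge;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // The header is only meaningful on HTTPS responses, so plain HTTP is skipped.
        // Behind a TLS-terminating proxy, isSecure() is true only when the container
        // is configured to trust the proxy's scheme information.
        if (req.isSecure() && res instanceof HttpServletResponse) {
            ((HttpServletResponse) res).setHeader("Strict-Transport-Security", headerValue);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
    }
}
```

      The header is set before the chain runs so that it is in place before the response is committed.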

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            olaf.kock Olaf Kock
            Votes:
            3
            Watchers:
            4
