Details

    • Type: Feature Request
    • Status: Contributed Solution
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Liferay Contributor's Agreement:
      Accept

      Description

      HSTS (HTTP Strict Transport Security) is implemented by the server sending a specific header through https, indicating that the server would prefer all future requests through https - never through http.

      Compliant browsers will then never again (within the timespan specified in the header) contact the server through http, and will automatically rewrite http URLs pointing to it as https.

      This is also achievable through appropriate Apache configuration or any other frontend webserver, but would make a nice-to-configure addition, e.g. for Liferay's HeaderFilter, or a specific new filter.

      Example for such a header to specify "one year of https access":

      Strict-Transport-Security: max-age=31536000

      http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security#HSTS_Mechanism_Overview
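The browser-side behaviour described above, as an added example that is not part of the original issue or of Liferay's code: a simplified model of a compliant browser's HSTS store, showing how `max-age` bounds the period in which http URLs are rewritten. The class and function names and the `portal.example.com` host are assumptions; the handling of `max-age=0` and of headers received over plain http follows RFC 6797.

```python
import re
from urllib.parse import urlsplit, urlunsplit


def parse_max_age(header_value):
    """Return max-age in seconds, or None if the directive is missing or malformed."""
    for directive in header_value.split(";"):
        match = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', directive, re.IGNORECASE)
        if match:
            return int(match.group(1))
    return None


class HstsStore:
    """Hypothetical, simplified model: exact host match only, no includeSubDomains."""

    def __init__(self):
        self._expiry = {}  # host -> absolute expiry time in seconds

    def note_response(self, url, headers, now):
        """Record the policy from a response; a header seen over http is ignored."""
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        if parts.scheme != "https" or value is None:
            return
        max_age = parse_max_age(value)
        if max_age is None:
            return
        host = parts.hostname.lower()
        if max_age == 0:
            self._expiry.pop(host, None)  # max-age=0 removes the stored policy
        else:
            self._expiry[host] = now + max_age

    def rewrite(self, url, now):
        """Upgrade an http URL to https if its host has an unexpired policy."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "http" or self._expiry.get(host, 0) <= now:
            return url
        # An explicit port 80 becomes the https default; other ports are kept.
        netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The first visit still has to reach the server over https before any policy is stored, which is why the header alone does not protect a user's very first http request.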

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              olaf.kock Olaf Kock
            • Votes:
              3
              Watchers:
              3
