You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Francois Papon (Jira)" <ji...@apache.org> on 2020/02/01 12:49:00 UTC

[jira] [Created] (SHIRO-740) SslFilter with HTTP Strict Transport Security (HSTS)

Francois Papon created SHIRO-740:
------------------------------------

             Summary: SslFilter with HTTP Strict Transport Security (HSTS)
                 Key: SHIRO-740
                 URL: https://issues.apache.org/jira/browse/SHIRO-740
             Project: Shiro
          Issue Type: Improvement
            Reporter: Francois Papon
             Fix For: 1.5.1


HTTP Strict Transport Security (HSTS) would be a nice addition for all the SSL only sites out there. I think in recent years more and more pages have gone full SSL, with good reasons to do so. It is a bit problematic with SslFilter since this one is path based. If you go HSTS then everything on the site uses https. This might break thinks if you have a path with ssl and one without. You can do that with shiro but not with HSTS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)