You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/07/29 20:43:21 UTC
[jira] [Created] (NIFI-2437) Enforce HSTS to require HTTPS
connections if available
Andy LoPresto created NIFI-2437:
-----------------------------------
Summary: Enforce HSTS to require HTTPS connections if available
Key: NIFI-2437
URL: https://issues.apache.org/jira/browse/NIFI-2437
Project: Apache NiFi
Issue Type: New Feature
Components: Core Framework
Reporter: Andy LoPresto
Fix For: 1.1.0
HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which instructs browsers/clients to only communicate with a resource over HTTPS. It is implemented via a header sent in the response and future connections will require HTTPS.
[1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
[2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)