You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/07/29 20:43:21 UTC

[jira] [Created] (NIFI-2437) Enforce HSTS to require HTTPS connections if available

Andy LoPresto created NIFI-2437:
-----------------------------------

             Summary: Enforce HSTS to require HTTPS connections if available
                 Key: NIFI-2437
                 URL: https://issues.apache.org/jira/browse/NIFI-2437
             Project: Apache NiFi
          Issue Type: New Feature
          Components: Core Framework
            Reporter: Andy LoPresto
             Fix For: 1.1.0


HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which instructs browsers/clients to only communicate with a resource over HTTPS. It is implemented via a header sent in the response and future connections will require HTTPS. 

[1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
[2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)