You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Brian Demers (Jira)" <ji...@apache.org> on 2020/08/11 21:40:00 UTC
[jira] [Updated] (SHIRO-740) SslFilter with HTTP Strict Transport
Security (HSTS)
[ https://issues.apache.org/jira/browse/SHIRO-740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers updated SHIRO-740:
-------------------------------
Fix Version/s: (was: 1.6.0)
1.6.1
> SslFilter with HTTP Strict Transport Security (HSTS)
> ----------------------------------------------------
>
> Key: SHIRO-740
> URL: https://issues.apache.org/jira/browse/SHIRO-740
> Project: Shiro
> Issue Type: Improvement
> Reporter: Francois Papon
> Assignee: Francois Papon
> Priority: Minor
> Fix For: 2.0.0, 1.6.1
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> HTTP Strict Transport Security (HSTS) would be a nice addition for all the SSL only sites out there. I think in recent years more and more pages have gone full SSL, with good reasons to do so. It is a bit problematic with SslFilter since this one is path based. If you go HSTS then everything on the site uses https. This might break thinks if you have a path with ssl and one without. You can do that with shiro but not with HSTS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)