Michael McCall wrote
> I appreciated the assistance with the cipher list issue last week. Our
> client has an additional question regarding our 4D Stand Alone - Web
> Server enabled application. Below is the question they asked us today. Is
> this something anyone has run across or for which there is a known
> solution?
Reading Wikipedia:

> The HSTS Policy[2] is communicated by the server to the user agent via an
> *HTTP response header field named "Strict-Transport-Security"*.
> HSTS Policy specifies a period of time during which the user agent
> should only access the server in a secure fashion.

All that's required is a header in the reply. I would put this in the database method "On Web Authentication" so it fires for every web request.

    C_TEXT($setStrictTransportSecurity)
    $setStrictTransportSecurity:="Strict-Transport-Security: max-age=31536000"
    WEB SET HTTP HEADER($setStrictTransportSecurity)

- Matt
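Added example, not part of the original post and not 4D code: a Python check that the Strict-Transport-Security value a server returns conforms to RFC 6797 (required max-age, no duplicate directives, first header wins, header only honoured over HTTPS). The function names parse_hsts and audit_response are hypothetical, and the caller is assumed to supply the response scheme and headers.

```python
import re

# Added example (hypothetical helper names): validate HSTS values per RFC 6797.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_hsts(value):
    """Return (policy, error); policy is None when the value does not conform."""
    policy = {"max_age": None, "include_subdomains": False}
    seen = set()
    for part in value.split(";"):
        name, sep, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not name and not sep:
            continue  # empty directive, allowed by the grammar
        if not TOKEN.fullmatch(name):
            return None, f"malformed directive {part.strip()!r}"
        if name in seen:
            return None, f"duplicate directive {name!r}"
        seen.add(name)
        if name == "max-age":
            # The quoted-string form max-age="N" is permitted by the RFC.
            arg = arg[1:-1] if re.fullmatch(r'"[0-9]+"', arg) else arg
            if not re.fullmatch(r"[0-9]+", arg):
                return None, "max-age needs a non-negative integer"
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            if sep:
                return None, "includeSubDomains takes no value"
            policy["include_subdomains"] = True
        # Any other well-formed directive is ignored, as the RFC requires.
    if policy["max_age"] is None:
        return None, "max-age directive is required"
    return policy, None

def audit_response(scheme, headers):
    """headers: (name, value) pairs in wire order. Returns a list of findings."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    findings = []
    if scheme != "https":
        findings.append("header sent over plain HTTP is ignored by browsers")
    if len(values) > 1:
        findings.append("multiple headers: only the first is processed")
    policy, error = parse_hsts(values[0])
    if error:
        findings.append(f"header ignored: {error}")
    elif policy["max_age"] == 0:
        findings.append("max-age=0 removes the host from the HSTS list")
    return findings
```

Calling audit_response("https", [("Strict-Transport-Security", "max-age=31536000")]) with the value from the post returns an empty list; the same header on an "http" response is reported as ignored.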

