[jira] [Updated] (KNOX-2594) Add includeSubDomains to HSTS Support in WebAppSec Provider

Sun, 25 Apr 2021 12:47:04 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-2594:
------------------------------
    Description: 
HSTS has an additional directive that should be supported by our WebAppSec 
provider called includeSubDomains. This patch will extend the existing support 
to include optionally include it.

As a reference, Shiro has such support for HSTS and includeSubDomains: 
https://github.com/apache/shiro/blob/main/web/src/main/java/org/apache/shiro/web/filter/authz/SslFilter.java

  was:HSTS has an additional directive that should be supported by our 
WebAppSec provider called includeSubDomains. This patch will extend the 
existing support to include optionally include it.


> Add includeSubDomains to HSTS Support in WebAppSec Provider
> -----------------------------------------------------------
>
>                 Key: KNOX-2594
>                 URL: https://issues.apache.org/jira/browse/KNOX-2594
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 1.6.0
>
>
> HSTS has an additional directive that should be supported by our WebAppSec 
> provider called includeSubDomains. This patch will extend the existing 
> support to include optionally include it.
> As a reference, Shiro has such support for HSTS and includeSubDomains: 
> https://github.com/apache/shiro/blob/main/web/src/main/java/org/apache/shiro/web/filter/authz/SslFilter.java



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to