[
https://issues.apache.org/jira/browse/KNOX-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17331627#comment-17331627
]
Larry McCay commented on KNOX-2594:
-----------------------------------
Actually, this appears to already be supported - see docs:
http://knox.apache.org/books/knox-1-5-0/user-guide.html#HTTP+Strict+Transport+Security
Will check tests to ensure it works.
> Add includeSubDomains to HSTS Support in WebAppSec Provider
> -----------------------------------------------------------
>
> Key: KNOX-2594
> URL: https://issues.apache.org/jira/browse/KNOX-2594
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 1.6.0
>
>
> HSTS has an additional directive that should be supported by our WebAppSec
> provider called includeSubDomains. This patch will extend the existing
> support to include optionally include it.
> As a reference, Shiro has such support for HSTS and includeSubDomains:
> https://github.com/apache/shiro/blob/main/web/src/main/java/org/apache/shiro/web/filter/authz/SslFilter.java
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
