[
https://issues.apache.org/jira/browse/ARTEMIS-4123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17655765#comment-17655765
]
ASF subversion and git services commented on ARTEMIS-4123:
----------------------------------------------------------
Commit 2e98c51d63b8cabc8903b7bdf4ad3cc61d445c61 in activemq-artemis's branch
refs/heads/main from Domenico Francesco Bruscino
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=2e98c51d63 ]
ARTEMIS-4123 Enable Strict-Transport-Security header
> Enable Strict-Transport-Security header
> ---------------------------------------
>
> Key: ARTEMIS-4123
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4123
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Reporter: Domenico Francesco Bruscino
> Assignee: Domenico Francesco Bruscino
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The Strict-Transport-Security header is ignored by the browser when your site
> has only been accessed using HTTP. Once your site is accessed over HTTPS with
> no certificate errors, the browser knows your site is HTTPS capable and will
> honor the Strict-Transport-Security header. Browsers do this as attackers may
> intercept HTTP connections to the site and inject or remove the header.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
