[jira] [Resolved] (ARTEMIS-4123) Enable Strict-Transport-Security header

Domenico Francesco Bruscino (Jira) Mon, 16 Jan 2023 06:44:04 -0800


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Domenico Francesco Bruscino resolved ARTEMIS-4123.
--------------------------------------------------
    Fix Version/s: 2.28.0
       Resolution: Fixed

> Enable Strict-Transport-Security header
> ---------------------------------------
>
>                 Key: ARTEMIS-4123
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4123
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Domenico Francesco Bruscino
>            Assignee: Domenico Francesco Bruscino
>            Priority: Major
>             Fix For: 2.28.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The Strict-Transport-Security header is ignored by the browser when your site 
> has only been accessed using HTTP. Once your site is accessed over HTTPS with 
> no certificate errors, the browser knows your site is HTTPS capable and will 
> honor the Strict-Transport-Security header. Browsers do this as attackers may 
> intercept HTTP connections to the site and inject or remove the header.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (ARTEMIS-4123) Enable Strict-Transport-Security header

Reply via email to