[
https://issues.apache.org/jira/browse/NIFI-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-2437:
--------------------------------
Attachment: Screen Shot 2016-10-28 at 7.45.01 PM.png
Screen Shot 2016-10-28 at 7.45.53 PM.png
Screen Shot 2016-10-28 at 7.46.37 PM.png
Screen Shot 2016-10-28 at 7.46.46 PM.png
Screen Shot 2016-10-28 at 7.47.00 PM.png
Screen Shot 2016-10-28 at 7.50.04 PM.png
Screen Shot 2016-10-28 at 7.51.07 PM.png
Screen Shot 2016-10-28 at 7.51.47 PM.png
Screen Shot 2016-10-28 at 7.53.51 PM.png
Screen Shot 2016-10-28 at 7.54.30 PM.png
Screenshots of attempting both HTTPS and HTTP (with HSTS) connections in a
variety of browsers.
> Enforce HSTS to require HTTPS connections if available
> ------------------------------------------------------
>
> Key: NIFI-2437
> URL: https://issues.apache.org/jira/browse/NIFI-2437
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Labels: security
> Attachments: Screen Shot 2016-10-28 at 7.45.01 PM.png, Screen Shot
> 2016-10-28 at 7.45.53 PM.png, Screen Shot 2016-10-28 at 7.46.37 PM.png,
> Screen Shot 2016-10-28 at 7.46.46 PM.png, Screen Shot 2016-10-28 at 7.47.00
> PM.png, Screen Shot 2016-10-28 at 7.50.04 PM.png, Screen Shot 2016-10-28 at
> 7.51.07 PM.png, Screen Shot 2016-10-28 at 7.51.47 PM.png, Screen Shot
> 2016-10-28 at 7.53.51 PM.png, Screen Shot 2016-10-28 at 7.54.30 PM.png
>
>
> HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which
> instructs browsers/clients to only communicate with a resource over HTTPS. It
> is implemented via a header sent in the response and future connections will
> require HTTPS.
> [1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> [2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
