[
https://issues.apache.org/jira/browse/NIFI-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15617295#comment-15617295
]
Andy LoPresto commented on NIFI-2437:
-------------------------------------
In the previous comment, it should be noted that I set up a custom LDAP
identity provider in order to determine if it was just a client certificate
issue. Even with LDAP authentication offered, I could only perform the HSTS
redirect from {{http://}} to {{https://}} in Chrome.
> Enforce HSTS to require HTTPS connections if available
> ------------------------------------------------------
>
> Key: NIFI-2437
> URL: https://issues.apache.org/jira/browse/NIFI-2437
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Labels: security
> Attachments: Screen Shot 2016-10-28 at 7.45.01 PM.png, Screen Shot
> 2016-10-28 at 7.45.53 PM.png, Screen Shot 2016-10-28 at 7.46.37 PM.png,
> Screen Shot 2016-10-28 at 7.46.46 PM.png, Screen Shot 2016-10-28 at 7.47.00
> PM.png, Screen Shot 2016-10-28 at 7.50.04 PM.png, Screen Shot 2016-10-28 at
> 7.51.07 PM.png, Screen Shot 2016-10-28 at 7.51.47 PM.png, Screen Shot
> 2016-10-28 at 7.53.51 PM.png, Screen Shot 2016-10-28 at 7.54.30 PM.png
>
>
> HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which
> instructs browsers/clients to only communicate with a resource over HTTPS. It
> is implemented via a header sent in the response and future connections will
> require HTTPS.
> [1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> [2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
