[
https://issues.apache.org/jira/browse/NIFI-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-2437.
------------------------------------
Fix Version/s: 1.9.0
Assignee: Nathan Gough
Resolution: Fixed
> Enforce HSTS to require HTTPS connections if available
> ------------------------------------------------------
>
> Key: NIFI-2437
> URL: https://issues.apache.org/jira/browse/NIFI-2437
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Core Framework
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Assignee: Nathan Gough
> Priority: Major
> Labels: security
> Fix For: 1.9.0
>
> Attachments: Screen Shot 2016-10-28 at 7.45.01 PM.png, Screen Shot
> 2016-10-28 at 7.45.53 PM.png, Screen Shot 2016-10-28 at 7.46.37 PM.png,
> Screen Shot 2016-10-28 at 7.46.46 PM.png, Screen Shot 2016-10-28 at 7.47.00
> PM.png, Screen Shot 2016-10-28 at 7.50.04 PM.png, Screen Shot 2016-10-28 at
> 7.51.07 PM.png, Screen Shot 2016-10-28 at 7.51.47 PM.png, Screen Shot
> 2016-10-28 at 7.53.51 PM.png, Screen Shot 2016-10-28 at 7.54.30 PM.png
>
>
> HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which
> instructs browsers/clients to only communicate with a resource over HTTPS. It
> is implemented via a header sent in the response and future connections will
> require HTTPS.
> [1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> [2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
