[
https://issues.apache.org/jira/browse/SOLR-15578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17401612#comment-17401612
]
Bence Szabó commented on SOLR-15578:
------------------------------------
Hi!
While I was testing this solution manually to see if it really works, I tested
it as [~marcussorealheis] said: I was looking at the headers of the response
from curl, and with this in the jetty.xml, among the headers there was this one:
{code}
...
< Strict-Transport-Security: max-age=31536000; includeSubDomains
...
{code}
As far as automated testing is concerned, I was not yet thinking of those, but
after a quick search I found this class:
https://github.com/apache/solr/blob/main/solr/core/src/test/org/apache/solr/servlet/SecurityHeadersTest.java
Maybe we could add the Strict-Transport-Security as an expected header in this
class when the appropriate solution is ready.
> Add Support for HSTS Security Protocol
> --------------------------------------
>
> Key: SOLR-15578
> URL: https://issues.apache.org/jira/browse/SOLR-15578
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Server, v2 API
> Affects Versions: main (9.0)
> Reporter: Marcus Eagan
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> A committer raised the idea of supporting the HSTS protocol and I think it is a
> good idea. We can add it somewhat easily as an option.
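
A scripted form of the manual curl check described in the comment above, as an added example that is not part of the original message or of Solr's SecurityHeadersTest. The function names, the one-year minimum for max-age and the requirement for includeSubDomains are assumptions chosen to match the header value quoted in the comment.

```python
import re

# Constructed sample of `curl -v` response headers; the HSTS line is the one
# quoted in the comment, the other lines are made up for the example.
SAMPLE_CURL_OUTPUT = """\
< HTTP/1.1 200 OK
< Content-Type: application/json
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Content-Length: 0
"""

MIN_MAX_AGE = 31536000  # assumed policy: one year, the value seen in the comment


def parse_hsts(value):
    """Split a Strict-Transport-Security value into directives (RFC 6797, 6.1)."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg.strip().strip('"')  # max-age may be quoted
    return directives


def check_hsts(curl_output, min_max_age=MIN_MAX_AGE, require_subdomains=True):
    """Return a list of problems; an empty list means the header passes."""
    values = re.findall(
        r"(?im)^<[ \t]*strict-transport-security:[ \t]*(.*?)[ \t\r]*$", curl_output)
    if not values:
        return ["Strict-Transport-Security header missing"]
    try:
        directives = parse_hsts(values[0])  # clients honour only the first header
    except ValueError as exc:
        return [str(exc)]
    problems = []
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        problems.append("max-age missing or not an integer")
    elif int(max_age) < min_max_age:
        problems.append("max-age below %d" % min_max_age)
    if require_subdomains and "includesubdomains" not in directives:
        problems.append("includeSubDomains not set")
    return problems
```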