[ https://issues.apache.org/jira/browse/SOLR-15578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17425469#comment-17425469 ]

Jan Høydahl commented on SOLR-15578:
------------------------------------

Can someone explain why HSTS makes a difference on the Solr server? The 
only client who cares would be browsers, and the only use browsers would have 
is for Admin UI. If your Solr is running in SSL mode, it will require SSL on 
its port (e.g. 8983), and the only effect of HSTS then is so that the browser 
will reject non-SSL connections to the same server for a certain time, to 
protect the user against someone trying to fall-back to http. But what I don't 
see is how this protects the user in any way, as Solr will never expose both 
http and https ports at the same time.

> Add Support for HSTS Security Protocol
> --------------------------------------
>
>                 Key: SOLR-15578
>                 URL: https://issues.apache.org/jira/browse/SOLR-15578
>             Project: Solr
>          Issue Type: Improvement
>          Components: Server, v2 API
>    Affects Versions: main (9.0)
>            Reporter: Marcus Eagan
>            Priority: Major
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> A committer raised the idea of supporting the HSTS protocol and I think it is a 
> good idea. We can add it somewhat easily as an option. 


