Andy LoPresto created NIFI-2437:
-----------------------------------
Summary: Enforce HSTS to require HTTPS connections if available
Key: NIFI-2437
URL: https://issues.apache.org/jira/browse/NIFI-2437
Project: Apache NiFi
Issue Type: New Feature
Components: Core Framework
Reporter: Andy LoPresto
Fix For: 1.1.0
HTTP Strict Transport Security (HSTS) [1] [2] is a feature of HTTP which
instructs browsers/clients to only communicate with a resource over HTTPS. It
is implemented via a header sent in the response and future connections will
require HTTPS.
[1] https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
[2] https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
