Open cr3wdayt5p opened 1 week ago
Hi @cr3wdayt5p Thanks for reporting there may be this reason. If you're using a custom domain, double-check that your SSL certificate bindings are still in place and valid. HSTS requires a valid SSL certificate. If the certificate expired or was removed, the HSTS header won't be sent.
Hi @bhagyshricompany
The certificate is assigned by Azure and is still valid (expiration 2025-01-23). The custom domain binding has also not been touched and is valid (see image).
My guess is that your bug is related to either the App Service Environment plan or to the Linux host.
We have another Azure Function running on the Dynamic plan on a Windows host in the same region (North Europe) with identical HSTS configuration – and this works. That host is also running a slightly newer runtime (4.1036.3.23284
).
We enabled HSTS around 2024-08-29 but now (2024-10-10) it is no longer working. The header is no longer sent. This applies to both the
*.azurewebsites.net
domain and our custom domain.We have made no other configuration changes in this period.
host.json
:Runtime Stack:
DOTNET-ISOLATED|8.0
Runtime Version:4.1036.2.2
OS: Linux Plan: Premium V3 (App Service Plan) Region: North EuropeDocs for the HSTS setting can be found here: https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook?tabs=isolated-process%2Cfunctionsv2&pivots=programming-language-csharp#hostjson-settings