Strict Transport Security Filter

andytanoko / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

0 stars 0 forks source link

Strict Transport Security Filter #53

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

This could be a useful feature to supply to the ESAPI userbase. Create a 
filter that handles STS headers and redirects accordingly. The draft spec for 
STS is located here:

http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-
hodges-strict-transport-sec-05.plain.html

Things to consider:
1. Session/Cookie Loss due to changing domains from http => https
2. Redirect with POST/GET Request Parms?

Original issue reported on code.google.com by chrisisbeef on 6 Nov 2009 at 11:28

Merged into: #169

GoogleCodeExporter commented 8 years ago

I agree, this is key.

Original comment by manico.james@gmail.com on 1 Nov 2010 at 6:03

Changed state: Accepted

GoogleCodeExporter commented 8 years ago

Jeff provided a starting point for us to consider.

Original comment by manico.james@gmail.com on 2 Nov 2010 at 12:13

Added labels: Milestone-Release2.1
Removed labels: Milestone-Release3.0

Attachments:

StrictTransportSecurityFilter.java

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 2 Nov 2010 at 12:14

Changed title: Strict Transport Filter

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 2 Nov 2010 at 12:16

Changed title: Strict Transport Security Filter
Changed state: Started

GoogleCodeExporter commented 8 years ago

killing this. moving to 
http://code.google.com/p/owasp-esapi-java/issues/detail?id=169

Original comment by manico.james@gmail.com on 3 Nov 2010 at 5:41

Changed state: Duplicate

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 3 Nov 2010 at 5:43