maskit
commented
7 years ago I'm not sure whether it should be in ATS core, because it's just for the service, AFAIK. Maybe we can add the directive with header_rewrite plugin?
Closed unixwitch closed 6 years ago
maskit
commented
7 years ago I'm not sure whether it should be in ATS core, because it's just for the service, AFAIK. Maybe we can add the directive with header_rewrite plugin?
bryancall
commented
7 years ago As the person that added HSTS to core, I think we should remove HSTS in core and have people use header_rewrite. header_rewrite is more flexible and allows people to configure it anyway they want.
Leaving this open to remove the feature in core and add documentation on how to implement HSTS with header_rewrite
rpufky
commented
7 years ago After playing with this for a little while, I don't think there is anything else to be done with this in regards to Documentation. The information that is currently in the header rewrite documentation is enough to get going to support HSTS.
mlibbey
commented
6 years ago Sounds like this should be closed out then.
HSTS
preloadoption indicates a site wants to be included in browser bundled lists of HSTS sites: https://hstspreload.org/.TS should support
proxy.config.ssl.hsts_preloadandTSHttpTxnConfigIntSet(TS_CONFIG_SSL_HSTS_PRELOAD), either of which will, if HSTS is enabled, addpreloadto theStrict-Transport-Securityheader.